I spend a lot of my time in coffee shops when I’m not on the road. It’s easy to just pop in and get some work done while I enjoy a fine cup of caffeinated goodness and contemplate the meaning of life. I usually spend my contemplation time right away, since my laptop and mobile device have to take upwards of a minute each to connect to the wireless AP in the coffee shop. And that’s with me coming as often as I do! I still need to connect to the SSID and hit the captive portal for my device MAC address to be authenticated.
It’s even worse when I go to unfamiliar places that use things like social Wi-Fi logins or other data collection mechanisms. It’s so bad in today’s world that I would rather use my LTE hotspot than deal with draconian measures designed to profile me. And when you look at the number of Wi-Fi networks that don’t have any kind of protection, it’s drastic indeed.
The key issue for businesses like this is the age-old contrast between security and ease-of-use. Networks need to be more secure in order to save us from leaking data all over the Internet. But having those protections in place increases the complexity of connecting to those networks. And users that have to jump through hoops to use your wireless won’t stay long. How can a business or chain of stores provide the kind of frictionless connectivity that users have come to expect without spending hours and significant amounts of money doing the technical research to build their own solution?
Wherever I May OpenRoam
Cisco has been doing a lot of research in the field of offering seamless roaming. All the way back in 2011 I remember hearing about 802.11u, which was originally designed to improve interoperability between external networks in wireless. 802.11u was implemented by the Wi-Fi Alliance as Hotspot 2.0, which is the basis for Cisco’s newest solution – OpenRoaming.
OpenRoaming is designed to help you implement seamless roaming between networks with one enrollment and identity solution. Rather than having to remember credentials for a variety of networks and passwords for SSIDs everywhere, Cisco makes it easy. OpenRoaming can take a variety of well-known identity methods and use them to authenticate and enroll devices. Once the enrollment process is completed, devices that have been authenticated through the OpenRoaming process are connected to networks with no fuss or muss.
This great video from Matt MacPherson illustrates the great technology that Cisco has been building:
I have first-hand experience with OpenRoaming from Cisco Live 2019. I got an email from Cisco that there was an OpenRoaming beta test going on. Not one to shy away from breaking new and exciting things, I signed up the week before I left for San Diego. When I arrived on Saturday morning for my first meeting, my iPad and iPhone automatically connected to the OpenRoaming SSID (which was hidden) and authenticated me to the network. Instant and easy. It was so seamless, in fact, that I didn’t know where to look for the SSID and password for the main conference Wi-Fi because I didn’t have to look for it!
The possibilities of OpenRoaming are endless in my mind. Retail establishments can have users set up and authenticated to one branch location and use those same credentials across all the networks that they have. Starbucks or Dunkin would be able to have you join instantly! The same goes for carriers like AT&T or Verizon. I know that AT&T used to use the SSID “attwifi” everywhere to offload traffic from mobile devices. They still do use it in places but it’s fallen out of favor for a variety of reasons. Imagine using “attwifi20” and making it OpenRoaming-enabled. Now, any time you get close to a provider that partners to offer a service like this you can connect and not worry about anything! And, with the advent of 5G, you can authenticate back and forth between wired and wireless networks easily without the minutes that it could take to dismiss captive portals or wait for the backend to take care of doing the heavy lifting each and every time you walk up to the door.
OpenRoaming isn’t the only option out there for this kind of connectivity. The big competitor is Passpoint, which is backed by mobile providers and companies like Aruba. Passpoint is very much tied to mobile devices right now, as the cellular device ID is used as your identity. With OpenRoaming, you can use a variety of identity stores to authenticate other devices, not just mobile phones. That kind of flexibility makes OpenRoaming a better solution for enterprises that would need to be more inclusive of the types of devices that make up their workforce. You can be sure that almost everyone has a mobile phone today, but you can’t be certain that they aren’t also bringing a tablet and a laptop along for the ride.
Bringing It All Together
Fast and easy works on so many levels. The less I have to worry about signing up and operating my connectivity the more time I can spend doing work or contemplating the existence of snapping turtles. Worrying about SSIDs and social Wi-Fi logins just makes me irritable and more likely to snap at other people. OpenRoaming isn’t the solution for every situation where you might need open, identity-based login for wireless. But it can fill a need on the larger end of the scale. If you’re a university or a retail chain with a nationwide footprint you definitely need to check it out.
For more information about OpenRoaming from Cisco, you can check out their info page. You can also find coverage from their Mobility Field Day 4 presentation from Haydn Andrews, Scott Lester, and Episode 10 of the Contention Window Podcast.
Tom,
Thank you very much for publishing this content, along with the video. This was a great article and the video was a great watch. I’m a little fuzzy on the first time connection/on-boarding/enrollment process of a device in a network that supports OpenRoaming. As you know, many businesses offer complimentary Wi-Fi, but require users to at least hit a splash page and accept terms and conditions. In this scenario, does a user still have to do that one time, and then by having a supported credential (Samsung for instance from the video), they wouldn’t have to do so again? Or would businesses take the standpoint of not seeing a need in an AUP if they have a way to track users by a credential? This next part is also around on-boarding. Could users be automatically connected to Wi-Fi networks without knowing just because they have a supported credential for an access provider? Taking the example of the Samsung credential again, if a user could be near a business that accepts that credential, could they be automatically on-boarded without knowing? If so, I could see that being seen as a security issue. Or is it that when you get your initial credential, you legally accept that this could happen? Sorry for the ramble, but this was a really intriguing post. Thanks much!