1. OPENROAMING
Wi-Fi Roaming for All

2. What is OpenRoaming?
● OpenRoaming is a Wi-Fi roaming federation.
● Wi-Fi roaming is like mobile phone roaming, but becoming
an operator is less difficult.
● If you are already familiar with eduroam, OpenRoaming is
like eduroam for all of us.
● The idea is that end users can utilise their existing user
credentials (e.g. username-password, certificates, cellular
identities (SIMs)) to automatically connect to Wi-Fi
networks around the world.

3. With OpenRoaming™ WBA is acting as a centralized policy authority
enabling an ecosystem for identity providers and Wi-Fi network providers to
work together and deliver automatic and secure Wi-Fi experience to millions
of users
Source: https://wballiance.com/openroaming/how-it-works/
OpenRoaming video: https://www.youtube.com/watch?v=YvhZouk6MKM

4. Benefits for Operators
● Monetising own Wi-Fi network
coverage
● Getting more revenues from Wi-Fi as a
service networks
● Off-loading (roaming) data (and
VoWiFi) into Wi-Fi networks
● Extending network coverage available
to subscribers

5. Benefits for Guest Network Providers
● Easier, automatic admission/authentication of
guest network users (into WPAx-Enterprise
Wi-Fi networks)
● Multi-vendor supported network
authentication, configuration and provisioning
● Additional monetisation of guest/hospitability
Wi-Fi networks
● Called Access Network Providers (ANPs)

6. Benefits for Identity Providers
● Providing network access to identity
provider users via roaming
● Cost-savings from using roaming Wi-Fi
networks compared to cellular network
roaming
● Multi-vendor supported network
authentication, configuration and
provisioning

7. How does OpenRoaming work?
● Wireless Broadband Alliance coordinates.
● Operators, vendors, companies, organisations can join as
members, Radiator Software is a member.
● Joining as a member is not required for utilising and using
OpenRoaming, OpenRoaming is available as a service
from multiple service providers.
● Choosing between joining as a member or a service
provider depends on which kind of OpenRoaming roles
and access organisation is interested in.
● Roles: Independent OpenRoaming Implementer, Home
Service Provider (HSP), Access Network Provider (ANP),
Identity Provider (IdP)
● Access: OpenRoaming-Settled, OpenRoaming
Settlement-Free

8. Settled and Settlement-Free Access
● The Settled Access is for those organisations
interested in the monetisation of the Wi-Fi network.
● There are service providers offering
OpenRoaming-Settled service or organisation can
implement it themselves as a member of WBA
following OpenRoaming WRIX specifications.
● The Settlement Free Access is for organisations
interested more in the eduroam style multilateral
roaming and providing and gaining network coverage
without additional roaming costs.
● The Settlement Free Access is also available as a
service or can be implemented by organisations
themselves.

9. example.org
RADIUS server
example.com
RADIUS server
OpenRoaming Technical Functionality
Passpoint (Hotspot 2.0)
compatible Wi-Fi network
SSID: *any*
RCOI (Settled): BA-A2-D0-xx-xx
or RCOI (Settlement-Free):
5A-03-BA-xx-xx
RADIUS capable
Wi-Fi controller or
example.net’s own
RADIUS server
OpenRoaming Settled or
Settlement-Free Access
Service Provider
Static Radius over
TLS (RadSec, RFC
6614) connection
Passpoint (Hotspot 2.0)
compatible Wi-Fi network
SSID: *any*
RCOI (Settled): BA-A2-D0-xx-xx
or RCOI (Settlement-Free):
5A-03-BA-xx-xx
Global Public DNS
Passpoint (Hotspot 2.0)
compatible Wi-Fi network
SSID: *any*
RCOI (Settled): BA-A2-D0-xx-xx
or RCOI (Settlement-Free):
5A-03-BA-xx-xx
DNS discovery:
NAPTR aaa+auth:radius.tls.tcp <realm>
SRV <NAPTR result>
Name lookup <SRV result>
Dynamic RadSec
connection to
example.net’s IdP
service provider
Dynamic RadSec
connections to
example.com IdP
Dynamic RadSec
connection to
example.org IdP
user@example.com user@example.net user2@example.com user@example.org

10. OpenRoaming requirements for Access Network
Provider (ANP)
● For organisations who only want to let OpenRoaming
users roam in their network
● Minimum requirements:
○ Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment
○ OpenRoaming Settled or Settlement-Free Access service from
some WBA member service provider
○ No WBA membership needed
● Connecting directly to other OpenRoaming members
requires WBA client certificate (via service provider or
WBA membership), and an own RADIUS server

11. OpenRoaming requirements for Identity Provider
(IdP)
● For organisations who want their members or subscribers
roam in OpenRoaming member networks
● Minimum requirements:
○ (Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment) *
○ Ability to configure OpenRoaming DNS records for IdP realm
○ OpenRoaming Settled or Settlement-Free Access service and IdP
service from some WBA member service provider
○ No WBA membership needed
● Connecting directly to other OpenRoaming members
requires WBA client+server certificate (via service provider or
WBA membership) and an own RADIUS server.
*) only if providing also Wi-Fi access network services (ANP)

12. OpenRoaming requirements for Operators
● Depend heavily on operator requirements for roaming logic,
accounting, invoicing, WRIX/roaming broker functionality…
● Minimum requirements (same with IdPs):
○ (Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment)
○ Ability to configure OpenRoaming DNS records for IdP realm
○ OpenRoaming Settled or Settlement-Free Access service and IdP
service from some WBA member service provider
○ No WBA membership needed
● Connecting directly to other OpenRoaming members
requires WBA client+server certificate (via service provider or
WBA membership) and an own RADIUS server.
*) only if providing also Wi-Fi access network services (ANP)

13. What can Radiator Software do for you?
● Radiator has all the features needed from RADIUS
server for OpenRoaming.
● In addition Radiator has complementing
functionality such as Diameter and SIM
authentication (with SIM privacy) support.
● Our Radiator Auth.Fi service supports
Settlement-Free OpenRoaming ANP and IdP
roles.
● With Radiator Expert Services we can support
you whether you are interested in building
OpenRoaming-as-a-Service or just deploying or
piloting it in your Wi-Fi network.

14. Thank you. Questions, Comments?
Follow Radiator Software for more information…
Radiator Software blog:
https://blog.radiatorsoftware.com/
Twitter:
https://twitter.com/RadiatorAAA
Slideshare:
https://slideshare.net/radiatorsoftware/
Bookings for conference calls:
https://radiatorsoftware.com/contact/ / info@radiatorsoftware.com