[wsfii-discuss] Question: Hotspot logon standard (aka getting rid of captive portals)
Adrian Dabrowski
adrian at atrox.at
Sun Aug 17 11:22:03 UTC 2008
> with more embedded devices including WiFi support (ex. eye.fi) but
> lacking a user interface evolving, i thought of captive portals
> becoming more and more inappropriate for logons to WiFi hotspots.
for example eduroam [1] (wlan roaming platform of academic institutes)
uses 802.1x. basicly its a port authentication using radius servers. a
common infrastructure allows all participating organizations to roam around.
what sounds good at first, has some technical difficulties in
implementation, like all framework standards: there are hundrets of
combinations of authentication methods, authentication protocols (and
ciphers) to use: EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM,
EAP-AKA, PEAP, EAP-TTLS, EAP-CHAP, EAP-MSCHAP in diffrent versions,
PEAP-EAP-TLS,....
some require X.509 certificates, others don't, others work with
username/password or smartcards/SIM or combine some methods.
this makes implementation and testing a lot of work and for some
embedded devices it may be simply to huge to host all modules for it.
most vendors just stay with a subset of combinations - but still call it
802.1x support. for example nokia wlan devices (e-series, n-series and
others) support EAP-TTLS/MSCHAPv2 but not EAP-TTLS/PAP which makes them
unable to join most eduroam hotspots. there have been discussions in dev
forms and petitions to nokia [2] but there is little or no move visible.
adrian
[1] http://www.eduroam.org
[2] http://www.petitiononline.com/NokiaPAP/petition.html and
http://discussion.forum.nokia.com/forum/archive/index.php/t-98362.html
More information about the wsfii-discuss
mailing list