OpenRoaming vs. Passpoint: What's the difference?

What is OpenRoaming?

OpenRoaming is a cloud federation of interoperable Wi-Fi networks that enable users to roam with an automatic internet connection. Users can connect to multiple OpenRoaming-compatible Wi-Fi networks without needing to select a network, request access and authenticate their devices. The connection remains uninterrupted as the device rapidly transitions networks via Wi-Fi roaming.

Essentially, OpenRoaming is a framework that creates multiple Wi-Fi hotspots which devices can connect to without needing to search for networks and enter login credentials. The pool of Wi-Fi networks operates over a large geographical area to support the global wireless ecosystem. Cisco originally developed OpenRoaming, and Wireless Broadband Alliance (WBA) took control of the standard in 2020.

How OpenRoaming works

With OpenRoaming, a user's device goes through a one-time registration process with an identity provider to access the internet. The initiation process authorizes the device once and requires less manual input. Once the user completes the onboarding process, the device doesn't need to search for available Wi-Fi networks or register with other OpenRoaming members repeatedly.

WBA defines rules and guidelines for Wi-Fi networks to become a part of the OpenRoaming framework. For a Wi-Fi network to be OpenRoaming-compatible, it must broadcast Organization Identifiers (OIs) to other participating networks in the OpenRoaming federation. These OIs are for service providers, cloud providers, enterprises, governments and various stakeholders. The global WBA database keeps a list of all OpenRoaming members.

The OpenRoaming framework includes the three following components:

• Cloud federation.
• Cybersecurity.
• Network automation.

Cloud federation

Wireless Roaming Intermediary Exchange (WRIX) is the set of standards OpenRoaming uses to ensure secure data exchange between operators. These specifications provide best practices and serve to standardize processes between Wi-Fi roaming partners.

OpenRoaming also uses the Wi-Fi Certified Passpoint, or Hotspot 2.0, protocol to automate Wi-Fi network selection and internal transition for user devices. Passpoint eliminates the need for devices to search for nearby wireless networks and authenticate with passwords. DNS-based service discovery defines the endpoints of the Hotspot 2.0 network.

Cybersecurity

OpenRoaming networks preserve network security through WBA's public key infrastructure (PKI). The PKI deletes previous user data to maintain privacy, but the OpenRoaming framework remembers the user for future connectivity.

OpenRoaming provides seamless and secure internet connectivity by implementing the RadSec security protocol -- or RADIUS over Transport Layer Security (TLS) -- on authentication, authorization and accounting (AAA) endpoints. The RADIUS messages, known as special codes, are safe in the network through the TLS tunnel.

Network automation

The IEEE Registration Authority allocated WBA 24-bit Organization Unique Identifiers to identify OpenRoaming networks and federation members. These identifiers, known as Roaming Consortium OIs (RCOIs), have 12 more bits than the usual 36-bit format and support the OpenRoaming network pool.

Each user has a Passpoint profile that lists a 36-bit RCOI. RCOIs use network automation to match the codes with compatible networks when the user moves out of an area with OpenRoaming Wi-Fi. Essentially, RCOI identifies and connects a user device to other OpenRoaming-compatible Wi-Fi networks without compromising internet access.

Decentralized identity model

Other identity management criteria are available to monitor the information-sharing capabilities of OpenRoaming networks, such as a decentralized authentication model. This model involves Web 3.0 projects that integrate blockchain and the internet. Decentralized identity (DID) is a web credential for users to verify their identities with blockchain. DID is a user's true, unchangeable identity.

Routers compatible with DIDs in the OpenRoaming framework are called miners. These routers function as nodes in the blockchain to verify a user's DID on the blockchain. As a result, users need to go through a one-time onboarding process. The OpenRoaming framework makes the internet connection automatic and passwordless. However, only a few Web 3.0 projects support decentralized wireless connections.

OpenRoaming benefits and challenges

OpenRoaming offers several benefits, including the following:

• Each server has a unique identity in the OpenRoaming framework, which makes it secure like any other Wi-Fi network.
• OpenRoaming eliminates wireless network search and repetitive manual authentication, which saves time.
• OpenRoaming networks help provide high-definition streaming and downloading.
• OpenRoaming is in regulatory compliance and maintains user privacy.
• OpenRoaming can save money, especially during international travel.

OpenRoaming still has challenges for end users and operators, including the following:

• High-speed connectivity is not guaranteed.
• It can be a challenge for operators to configure Passpoint identifiers and AAA endpoints.
• Network providers control user registration rather than the global OpenRoaming federation.
• OpenRoaming hasn't been deployed on a larger scale, so the technology isn't scalable enough.

What is Passpoint?

Passpoint is a wireless networking standard that lets users connect to Wi-Fi networks without discovery, selection, request or authentication. Essentially, Passpoint is a set of public internet access protocols that automatically switch users from a cellular network to a wireless network or from one Wi-Fi network to another. This method eliminates the need for users to search for networks and enter passwords.

Wi-Fi Alliance developed Passpoint, also known as Hotspot 2.0, to offer a roaming experience similar to cellular that maintains uninterrupted internet access throughout automatic transitions between networks. Users can seamlessly roam and connect between a pool of Passpoint-enabled Wi-Fi networks.

How Passpoint works

A device must have a Passpoint-enabled setting to experience seamless Wi-Fi roaming. The Passpoint setting contains a unique profile for every user. When a device enters the vicinity of Passpoint access points (APs), the profile must be previously provisioned online for continual connection.

The provisioning method depends on the availability of the Passpoint version and device support. The initial sign-up process for the latest release is called Online Signup (OSU), which is a secure, automatic and one-time configuration process for the user.

Extensible Authentication Protocol (EAP) is a wireless network protocol that facilitates user configuration to gain access over a secure network. The word extensible refers to the protocol's ability to expand authentication methods for devices per support requirements.

Passpoint uses several EAP protocols for secure authentication, such as the following:

• EAP-SIM. This protocol operates on the stored credentials in the SIM card in mobile devices.
• EAP-Tunneled TLS. This protocol forms a secure tunnel for user authentication and uses EAP-Authentication and Key Agreement and EAP-TLS.

In a Passpoint network, the user device automatically sends an Access Network Query Protocol query to an AP to access the list of Passpoint providers. The AP provides the list of available networks with operator domain names to the device for authentication. The device automatically chooses the network and securely validates the server certificate. As a result, users can seamlessly access Wi-Fi.

The next time a user enters the same location, the device automatically connects to the Wi-Fi network. In addition, users can switch to any other Passpoint-compatible partner network without having to enter credentials. This means users can automatically transition from one Passpoint network to another after the initial onboarding process.

Passpoint adheres to the 802.11u standard, which is the IEEE 802.11 standard with Hotspot 2.0 capabilities. Users might not notice transitions between different networks in a Passpoint geographical area. Passpoint implements wireless encryption methods like Wi-Fi Protected Access 2 (WPA2) and WPA3 that automate user authentication, safeguard data and deliver secure internet connectivity.

Passpoint benefits and challenges

Passpoint can provide many benefits, including the following:

• Passpoint is compatible with modern OSes, such as Android, iOS, macOS and Windows.
• Passpoint is a set of protocol standards in the OpenRoaming framework and Wi-Fi Certified Vantage.
• Passpoint service providers can offload cellular data to bandwidth-intensive services.
• Features of Passpoint include Wi-Fi calling and fast download speeds.
• When users are unable to verify their profiles, Passpoint redirects them to fix the issue and can offer limited internet access to them.

Passpoint also has some disadvantages, including the following:

• Devices that don't support EAP protocols have limited access to Passpoint.
• The preconfiguration process can be lengthy.
• Passpoint lacks network availability compared with typical password-based Wi-Fi networks.
• Passpoint usage can drain a device's battery.

OpenRoaming vs. Passpoint

OpenRoaming and Passpoint are analogous to cellular network roaming. Both technologies contribute to the global wireless ecosystem. OpenRoaming is built on Passpoint. The two have many similarities because Passpoint protocols and mechanisms are applicable in the OpenRoaming framework. For example, WPA3 is an encryption standard in OpenRoaming and Passpoint.

Despite the similarities between OpenRoaming and Passpoint, they are quite different. Most differences arise based on use cases, coverage area and network requirements. Enterprises and users can choose to implement either technology based on their requirements.

OpenRoaming vs. Passpoint: Which option is better?

From the user perspective, Passpoint and OpenRoaming are the same technology, as both provide Wi-Fi roaming. But which option to choose varies from user to user, depending on the user's location, device, budget, network requirements, availability of technologies and other factors. A November 2023 WBA report said tens of millions of OpenRoaming hotspots will be enabled by 2026, with 68% of businesses planning to implement OpenRoaming or Passpoint by the end of 2024.

Enterprises and venues can choose to implement either OpenRoaming or Passpoint based on the following factors:

• Operating area.
• Network requirements.
• Cost.

Operating area

OpenRoaming covers a larger geographical area than Passpoint. WBA aims to deliver an OpenRoaming framework throughout specific areas and revamp cities into smart cities. Passpoint networks can't cover such large areas, however, so they're better deployed in enterprises and small businesses.

Network requirements

OpenRoaming is a part of the global wireless ecosystem that collaborates with internet service providers, identity providers, venue owners, operators and other stakeholders. A high number of contributors and clients can increase network congestion. Passpoint has fewer stakeholders and client devices than the OpenRoaming ecosystem, so Passpoint can offer high-speed internet with less latency over a small location.

Cost

The cost of implementing OpenRoaming is slightly higher than Passpoint because OpenRoaming enables users to maintain internet connectivity while they switch between Wi-Fi networks. However, Passpoint covers a smaller pool of networks. OpenRoaming facilitates direct network partnerships to ensure every user can connect to networks in the global wireless ecosystem.

OpenRoaming isn't always costlier, however, nor does it always have more network congestion than Passpoint. The cost of OpenRoaming and Passpoint projects can change based on the network requirements, area of coverage, scale of deployment and other considerations.

Venus Kohli is an electronics and telecommunications engineer, having completed her engineering degree from Bharati Vidyapeeth College of Engineering at Mumbai University in 2019. Kohli works as a technical writer for electronics, electrical, networking and various other technological categories.