The Wi-Fi industry has worked hard for years to avoid unencrypted Wi-Fi hotspots with captive portals. We have promoted secure Passpoint-based Wi-Fi. And now, thanks to OpenRoaming, when the critical mass of Passpoint-based Wi-Fi networks are finally here; many Wi-Fi network owners do not want users to fly onto their secure Passpoint-based networks without interaction. They want to engage with users to promote offers and give information.

But, contrary to common belief, it is quite possible to engage with users and provide them with location-based offers in Passpoint Wi-Fi networks such as OpenRoaming.

The traditional Wi-Fi hotspot Captive Portal is a popular vehicle to engage with users online, showing banner and video adverts and capturing user’s profiles through short surveys.

The automatic and secure onboarding of Wi-Fi users in Passpoint Wi-Fi hotspots, such as OpenRoaming, eliminates the need for Captive Portals. The users are already authenticated and authorized, so there is no need to stop them from accessing the Internet.

Standardization bodies have recognized that the need for portals has not vanished in the Passpoint and OpenRoaming era. Passpoint release three (R3) specifies a venue portal URL meant to be used by the ANP to engage with users. Until the Passpoint R3 standard has reached a critical mass in device support, the Captive Portal API (RFC 8908, 8910) can be used as it features a Venue portal URL.

From a user experience point of view, a popup system message is showing on the lock screen, the system messages, and the actual network details page. The Venue Portal URL is displayed with a message, and clicking the link will send the user to the venue portal. For iPhones (iOS17), the message is currently only showing on the network details page.

Engage Users Through Email / SMS

Advanced Wi-Fi service management systems such as Enea Aptilo Service Management Platform (SMP) do not only have support for OpenRoaming and all EAP authentication methods, including SIM authentication. They also have marketing features to engage users by sending SMS or email:

• To a user automatically onboarded to the Wi-Fi network while entering the venue.
• To a user dwelling for a specific time at a particular Wi-Fi hotspot.
• To a user who has visited a specific hotspot on a particular day and time.

Getting Users Consent for Marketing

As discussed, OpenRoaming may enable the ANP to get proofed user identities from the IDPs in the form of emails or mobile numbers. These data are referred to as personally identifiable information (PII). It is very tempting for an ANP to use these details to send commercial messages to the roaming user. However, this is currently not allowed by the OpenRoaming baseline privacy policy.

Identity Providers and Access Network Providers can overrule the OpenRoaming baseline privacy policy by obtaining consent from the end user. The consent must be clear and specific and inform the user exactly how the PII will be used.

The user must also explicitly consent to the use of PII for any marketing activities.

Note that an ANP can never deny access to a user refusing to agree with the ANP’s extended terms unless it is necessary in order to comply with
applicable law.

It is good practice, and in many countries, a legal requirement to ensure proper user consent and personal data management, such as the one offered with Enea Aptilo SMP. Look for a consent and personal data management solution compliant with the European GDPR. Europe has one of the strongest privacy regulations in the world.