Table of Contents
List of Figures
List of Tables
1. Overview
1.1 Scope
1.2 References
1.3 Definitions, abbreviations and acronyms
1.3.1 Definitions
1.3.2 Abbreviations and Acronyms
2. Hotspot 2.0 Device, Operator and Service Provider requirements
2.1 Required AP Capabilities
2.2 Required Mobile Device Capabilities
2.3 Requirements for Hotspot Operators
2.4 Requirements for Service Providers
3. Element and frame definitions
3.1 Element definitions
3.1.1 HS2.0 Indication element
3.1.2 OSU Server-only authenticated layer 2 Encryption Network element
3.1.3 WFA anonymous client 802.1X AKM
3.2 Frame definitions
3.2.1 WNM-Notification Request frames
3.2.1.1 Subscription Remediation subelement
3.2.1.2 Deauthentication Imminent Notice subelement
4. Hotspot 2.0 ANQP-elements
4.1 HS Query List element
4.2 HS Capability List element
4.3 Operator Friendly Name element
4.4 WAN Metrics element
4.5 Connection Capability element
4.6 NAI Home Realm Query element
4.7 Operating Class Indication element
4.8 OSU Providers List element
4.8.1 OSU Provider subfield
4.8.1.1 OSU Friendly Name
4.8.1.2 OSU Server URI
4.8.1.3 OSU Method list
4.8.1.4 Icons Available
4.8.1.5 OSU_NAI
4.8.1.6 OSU Service Description
4.9 Icon Request element
4.10 Icon Binary File element
5. Hotspot procedures and protocols
5.1 Layer 2 traffic inspection and filtering
5.2 Downstream forwarding of group-addressed frames by the AP
5.3 Proxy ARP service
5.4 SSID configuration procedures for hotspots offering online sign up
5.4.1 Open OSU ESS
5.4.2 OSEN OSU ESS
5.5 Hotspot procedures for free public hotspots
6. Mobile device procedures
6.1 Discovery state procedures
6.1.1 Home SP identification and connecting to Home SP hotspot
6.1.2 Mobile device support for user preferences
6.2 Registration state procedures
6.3 Provisioning state procedures
6.4 Access state procedures
6.4.1 Subscription expiry
6.4.2 Expiry of the subscription update timer
6.4.3 Expiry of the policy update timer
6.4.4 EAP authentication failure
6.4.5 Association failure
6.5 Filtering frames encrypted using the GTK
7. Online sign up and certificate management
7.1 Overview and goals
7.2 Trust model
7.3 Public key certificate types
7.3.1 Certificate Authority trust root certificates
7.3.2 OSU server certificate
7.3.2.1 Composition of OSU server certificate
7.3.2.2 Processing of OSU server certificate
7.3.3 AAA server certificate
7.3.3.1 Composition of AAA server certificate
7.3.3.2 Processing of AAA server certificate
7.3.4 AAA server certificate used with WFA Anonymous EAP-TLS
7.3.4.1 Composition of AAA server certificate used with WFA Anonymous EAP-TLS
7.3.4.2 Processing of AAA server certificate used with WFA Anonymous EAP-TLS
7.3.5 Subscription remediation server certificate
7.3.5.1 Composition of subscription remediation server certificate
7.3.5.2 Processing of subscription remediation server certificate
7.3.6 Policy server certificates
7.3.6.1 Composition of policy server certificate
7.3.6.2 Processing of policy server certificate
7.4 Message overview for online sign up
7.5 OSU operational requirements
7.6 Certificate enrollment and provisioning
7.6.1 Simple PKI enrollment using EST
7.6.2 Restricted use of HS2.0 client certificate
7.6.3 Processing of mobile device credentials
7.6.4 Certificate enrollment message flow
7.7 Anonymous EAP-TLS
8. Subscription provisioning
8.1 Overview
8.1.1 Subscription access restrictions
8.1.2 Subscription credential provisioning options
8.1.3 Subscription remediation
8.1.4 Subscription management web content
8.1.5 Policy provisioning and update
8.2 Mobile device management tree
8.3 Provisioning using OMA DM
8.3.1 Overview
8.3.2 Subscription provisioning
8.3.2.1 Provisioning username and password credentials
8.3.2.2 Provisioning certificate credentials
8.3.2.3 Provisioning using mobile device provided certificates
8.3.3 Subscription management
8.3.3.1 Machine remediation when a mobile device has username and password credentials
8.3.3.2 User remediation when a mobile device has username and password
8.3.3.3 User remediation when a mobile device has certificate credentials
8.3.3.4 Updating a certificate credential
8.3.3.5 Updating a certificate credential when the UsernamePassword node is present
8.3.4 Policy provisioning
8.3.4.1 Policy provisioning and update with username and password credentials
8.3.4.2 Policy provisioning and update with certificate credentials
8.4 Provisioning using SOAP XML
8.4.1 Overview
8.4.2 Subscription provisioning
8.4.2.1 Provisioning username and password credentials
8.4.2.2 Provisioning certificate credentials
8.4.2.3 Provisioning using mobile device provided certificates
8.4.3 Subscription management
8.4.3.1 Machine remediation when a mobile device has username and password credentials
8.4.3.2 User remediation when a mobile device has username and password credentials
8.4.3.3 Machine remediation when a mobile device has certificate credentials
8.4.3.4 User remediation when a mobile device has certificate credentials
8.4.3.5 Updating a certificate credential
8.4.3.6 Updating a certificate credential when the UsernamePassword node is present
8.4.4 Policy provisioning
8.4.4.1 Policy provisioning and update with username and password credentials
8.4.4.2 Policy provisioning and update with certificate credentials
8.5 Provisioning of a mobile device that has a SIM card
8.5.1 Initial subscription metadata and policy provisioning using OMA DM
8.5.2 Initial subscription metadata and policy provisioning using SOAP XML
9. Management objects
9.1 PerProviderSubscription MO
9.1.1 Graphical representation
9.1.2 Node descriptions
9.2 DevDetail MO vendor specific extensions
9.2.1 Graphical representation
9.2.2 Node descriptions
Annex A : Messages and definitions
A.1 OMA DM messages and definitions
A.1.1 Generic Alert (informative)
A.1.2 Exec command (informative)
A.1.3 Add command (informative)
A.1.4 Replace command (informative)
A.1.5 Status Management element (informative)
A.1.6 OMA DM elements (normative)
A.2 OMA DM messages – examples (informative)
A.2.1 DM package 1 (mobile device to server)
A.2.2 DM package 2 (server to mobile device)
A.2.3 DM package 3 (mobile device to server)
A.2.4 DM package 4 – Exec:getCertificate (server to mobile device)
A.2.5 DM package 3 (mobile device to server)
A.2.6 DM package 4 (server to mobile device)
A.3 SOAP XML messages and definitions
A.3.1 The sppPostDevData SOAP method
A.3.2 The sppPostDevDataResponse SOAP method
A.3.3 The sppUpdateResponse SOAP method
A.3.4 The sppExchangeComplete SOAP method
A.3.5 The getCertificate XML Instance Document
A.3.6 Web Services Description Language (WSDL)
Annex B : Example GAS Query using ANQP Query List and HS Query List (informative)
B.1 Example 1: 3GPP Cellular Network and the Operator Friendly Name
B.2 Example 2: Icon Request
Annex C : SP policy network connection (informative)
C.1 Example Network Selection Flowchart
C.2 Example Network Selection Scenarios
C.2.1 Network Selection Scenarios Connecting to a Home Network
C.2.1.1 Scenario #1
C.2.1.2 Scenario #2
C.2.1.3 Scenario #3
C.2.2 Network Selection Scenarios in which OI is required
C.2.2.1 Scenario #4
C.2.3 Network Selection Scenarios with Home SP Policy
C.2.3.1 Scenario #5
C.2.3.2 Scenario #6
Annex D : Wi-Fi Alliance Vendor-Specific RADIUS attributes (informative)
D.1 Wi-Fi Alliance Vendor-Specific RADIUS attribute sub-type formats
D.1.1 HS2.0 subscription remediation needed
D.1.2 HS2.0 AP version
D.1.3 HS2.0 mobile device version
D.1.4 HS2.0 deauthentication request
D.1.5 HS2.0 session information URL
Annex E : Standardized OSU registration flow (normative)
E.1 General
E.2 OSU Registration Flow
E.3 OSU Registration Schema
E.3.1 The RegistrationProtocol element
E.3.2 ServerGroup element group
E.3.2.1 LoginCouponOption element
E.3.2.2 LoginUsernameOption element
E.3.2.3 SubscriptionPlans element
E.3.2.4 BillingOptions element
E.3.2.5 BillingRoomNumberOption element
E.3.2.6 TermsAndConditions element
E.3.2.7 ServerExtensions element
E.3.3 ClientGroup element group
E.3.3.1 LoginUsernameInfo element
E.3.3.2 LoginCouponInfo element
E.3.3.3 SubscriptionPlanSelection element
E.3.3.4 BillingInfo
E.3.3.5 BillingHotelRoomInfo element
E.3.3.6 ClientExtensions element
E.3.4 The StatusGroup element
E.3.4.1 StatusCode element
E.3.4.2 StatusText element
E.4 XML schema
E.5 Example transaction 1