Seamless Wireless Access for Employees in Multiple Organizations
Question
Multiple organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations.
Which of the following should be implemented if all the organizations use the native 802.1x client on their mobile devices?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.B.
http://archive.oreilly.com/pub/a/wireless/2005/01/01/authentication.htmlThe correct answer is B. RADIUS federation.
When multiple organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations, they need to implement a common authentication and authorization mechanism for their wireless networks. In this scenario, all organizations are using the native 802.1x client on their mobile devices, which is a standard protocol for port-based network access control.
To achieve seamless wireless access, the organizations can implement RADIUS federation. RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for remote access to network resources. RADIUS federation allows multiple organizations to share their RADIUS servers to provide authentication and authorization services for their users across different wireless networks.
In RADIUS federation, each organization maintains its own RADIUS server, which contains user credentials and access policies. When a user from one organization tries to access the wireless network of another organization, the RADIUS server of the visited organization forwards the authentication request to the RADIUS server of the user's home organization. The user's home RADIUS server performs the authentication and authorization process and sends the result back to the visited RADIUS server. If the user is authorized, the visited RADIUS server grants access to the wireless network.
The other options are not suitable for this scenario:
A. Shibboleth is a federated identity solution that enables single sign-on (SSO) across multiple web applications. It is not designed for wireless network authentication.
C. SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between parties. It is commonly used for web-based SSO. It is not designed for wireless network authentication.
D. OAuth (Open Authorization) is a standard for delegated authentication and authorization. It is commonly used for web-based API access. It is not designed for wireless network authentication.
E. OpenID Connect is a standard for web-based SSO that builds on top of OAuth. It is not designed for wireless network authentication.
