As mobile devices, such as portable computers and mobile phones, continue to become more popular and users have multiple devices, there is an increasing move towards having one global digital identity which can be used when roaming and for guest network access, as well as for a network single sign-on experience. Typically, a user has different passphrases and keys for home network access, and businesses set up temporary guest accounts for visitor access, or provide open, unsecured networks for guest access. Mobile users typically have to remember multiple passwords and identities per site, such as when business or academic users travel to different cities or campuses. Hotspot providers, such as hotels, coffee shops, and airports, subscribe to expensive monthly services for configuring and maintaining networks that provide Internet access to travelers, guests, and customers.
A network access server (NAS) traditionally uses RADIUS servers for authentication and authorization decisions based on a user account database or directory for an organization, and is normally associated with and managed within a single security domain. Cross-domain authentication can be accomplished using realm-based routing at a proxy RADIUS server, but this limits the ability to provide a user with a single sign-on across security trust domains.