Re: [Captive-portals] Improve the user experience of captive portals as they're commonly understood and currently deployed
"James Wood" <james.wood@purplewifi.com> Tue, 18 April 2017 15:15 UTC
Return-Path: <james.wood@purplewifi.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C8F912EC6D for <captive-portals@ietfa.amsl.com>; Tue, 18 Apr 2017 08:15:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=purplewifi-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fjoFS2kc-w2h for <captive-portals@ietfa.amsl.com>; Tue, 18 Apr 2017 08:15:50 -0700 (PDT)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F495128DE5 for <captive-portals@ietf.org>; Tue, 18 Apr 2017 08:15:50 -0700 (PDT)
Received: by mail-wm0-x236.google.com with SMTP id r190so17652214wme.1 for <captive-portals@ietf.org>; Tue, 18 Apr 2017 08:15:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purplewifi-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=czvtFeMpS60h4Pepv61aRYXJVTrwYXc5JVd7BVdySW8=; b=OaBp78dK+399selyha2z67hiJF+biZ1L5wa2wSNREwICHY5T03RDRJJey4ofRFlKhS I1KuQCnmwApVQoh8cGuYPot1AnrOa2usj4Q5dibXAAykAtQiEUsSUn+H3hHt7jnFHQBW JgQj2u6z1MEG2M7EwzP4jgyMElBxELddgbuio7N+Dtyji0HZuSNoeTEpud+5sd0g7VEA Yh3fh8lqAGZpXpyDN6IByQavgvQhXw5Ke63avusS8wArEKETkIYxo7FIlODdegeFd5km 3tW3YTF+keTxXFkc14pLKwBQk8xSwFvBQIbWJIKZFosVM+BxyZrH3evDuxrq99expxTQ ss4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=czvtFeMpS60h4Pepv61aRYXJVTrwYXc5JVd7BVdySW8=; b=iV/b9wt1SzjsoAzabaa37c/5WkFBbQ0ixZljhibybc6HxWwva2w23fwhGjZPTRURo+ cqpBB/CyA5F67SK8ic+92IlxG+18sUeLvjnXfJ8ZGliQ0hEBBRM768zxf0rcsiIcigtK lT5nRmCkpf/cdogqUbbz4QU+LPaa7Vx8x3v5cwhFUpEtTJYTfabfZUSEdaqwZpiokXHk R8rqrDWGiUZW4Eb7Rfs6L/wZWD9HOhsu1PpgFTIX2nNvlINErp/3I4fvyV872uBns9ne RRg/BQ3GE/dLty1Ee5d+9zyYfW6Xe5aHjlYj+fVtTVC4XzLQPHUjGzOxeGhtHvVIf48P 3nuw==
X-Gm-Message-State: AN3rC/6Qo85cEBYJaikhcccfk59J2frcf5CXxnTb/B3sauhrL5dhMilD JJKoOOVHBT1nahR74t8=
X-Received: by 10.28.211.210 with SMTP id k201mr13485437wmg.129.1492528548514; Tue, 18 Apr 2017 08:15:48 -0700 (PDT)
Received: from PWJ ([88.97.18.78]) by smtp.googlemail.com with ESMTPSA id m4sm19230189wrm.4.2017.04.18.08.15.47 for <captive-portals@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Apr 2017 08:15:47 -0700 (PDT)
From: James Wood <james.wood@purplewifi.com>
To: captive-portals@ietf.org
Date: Tue, 18 Apr 2017 16:15:45 +0100
Message-ID: <025c01d2b856$a716c030$f5444090$@purplewifi.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdK4Tx9E3tt82TjHT2KfbupylAxASA==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/xgxxj6rhd-sQdZf4-t3cLazJipM>
Subject: Re: [Captive-portals] Improve the user experience of captive portals as they're commonly understood and currently deployed
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 15:21:08 -0000
Hi First of all, great progress appears to have been made with 7710 and capport/icmp-unreach. Good job! As a global WiFi provider I would like add our thoughts on the discussions to date along with my personal views of the problems/challenges we face with captive portals today. I'm hoping I can contribute to this WG by expressing views from the 'other side', and why captive portals are still important to WiFi operators. Most providers including ourselves require a portal to be displayed for a number of reasons. Many have already been covered but to confirm, some countries require (legally) to capture certain information (such as a valid mobile/cell number to validate it's a real person/device), or accept T&C's/Privacy policies in respect of the country the hostpot is located. Other reasons are for advertising, providing seamless logins (i.e. we know the MAC of the device so we can bypass the portal page and instead present a welcome back page). But, the real reason most providers insist on a user going through a portal is to understand who is using their free wifi. There has to be some payback to the operator/customer and data capture is this. They may not use the data to market, but just look at how many people connect and at what times of day etc, or they may send promotional emails to users who login etc. So, captive portals are great as a way to onboard and capture some details. That said, we face daily challenges with captive portals. To name a few: 1. Security. Nobody prefers to join an open network, but most end up doing because that's the way it is. The hype around Hotspot 2.0 came and went as that was never really deisgned to help captive portals but rather for seamless, non-interaction from the user. As a portal provider, we don't want that, we want to show a portal even if it's just a 'welcome back, you're now online' message. 2. More devices/browers/web servers are defaulting to checking/redirecting to a HTTPs URL. As you know, when in a captive portal/walled garden state, this will cause a problem because you can't intercept a HTTPs request (rightly so!) to a captive portal page without a browser/certificate warning. This breaks everything from the end user perspective. 3. Built-in OS captive popups provide limited browser functionality/cookies/etc. When trying to offer login options like Facebook, it can really affect the user experience when cookies are not permitted or other features disabled. The behaviour is also different per device. In Android 5.0+, the captive portal window immediately dissappears when the user is authenticated. This is a pain for us as we want to display a "you are now online" page, or redirect the user to a landing page with information etc. 4. Walled garden. It's a nightmare having to manage lists of domains/IP's across all the different vendors kit out there. For example to offer a social login through Facebook we need to allow certain domains like facebook.com, akamaihd.net and connect.facebook.net etc. This is all static lists inside an AP/controller, and would be a nightmare to update should Facebook change the URLs they send authentication requests throught etc. How about some way to dynamicly pass back a list of domains as part of the DHCP option or some other way to allow the operator to set the required domains at time of connection? Or, how about, as part of the capport API, we are able to send a list of domains back to the AP, so if someone chooses Facebook, we open the Facebook domains for that MAC for a few minutes to allow them to login. Other thoughts... I had a look at "draft-wkumari-capport-icmp-unreach-02". I note that it describes the example URL that could be returned as part of the captive portal URL: https://wifi.domain.com/portal?icmp_session=10&policy_class=100. However, what about the other traditional parameters that a captive portal redirect injects? As a minimum, we need the ap_mac, client_mac and login_url to which we post the login request back to (traditional captive portal login request). Without such parameters, we cannot identify the venue/ap/client and provide the relevant portal splash page and user specific options. I may have misunderstood this? Does anyone here see Hotspot 2.0 (release 2 or further in particular) and OSU as the answer? I don't think I do. It just doesn't seem to help us as a provider but instead tries to be around getting the user online as quickly and without any interaction. Providers are all for making it easy for users to on board, but they need to get something out of it to make it pay. I am more than willing to take any questions and offer as much insight as I can. Thanks James
- [Captive-portals] Improve the user experience of … David Bird
- Re: [Captive-portals] Improve the user experience… David Bird
- Re: [Captive-portals] Improve the user experience… Erik Kline
- Re: [Captive-portals] Improve the user experience… Kyle Larose
- Re: [Captive-portals] Improve the user experience… James Wood
- Re: [Captive-portals] Improve the user experience… Michael Richardson