A recent blog entry of mine on WiMAX terminals with and without support of EAP-SIM and thus SIM cards for authentication has provoked a number of interesting responses. What I take away from them is that first devices will probably not have a SIM card.
So the next logical question is how authentication is done in the absence of a SIM card!? I can see two basic approaches:
1. A device comes with a built in certificate. That’s straight forward. The user goes to a shop, buys a device, it gets activated for him and he’s set. While this is all nice and well the trouble starts when the device breaks or the user wants to use the services of another operator. No way with this model.
2. Another model would be to use a username and password to be supplied by the user. It could work in a similar fashion as with Wireless LAN today. I can also imagine user installable certificates. While both being a bit more complicated then pre-installed certificates it would preserve the flexibility the SIM card approach offers today.
I like and depend on flexibility since I travel a lot and a device locked to a single network is useless for me. While I am certainly not the average user I am sure the majority would prefer openness over being locked into a single garden.
If you have further information on this topic, please leave a comment.