iBahn says that they're the first hospitality operator to put 802.1X across their network: iBahn's approach is, by the way, not "WPA" but WPA Enterprise. WPA Enterprise uses 802.1X to allow unique logins that are assigned unique encryption keys. The company didn't want to say WPA Enterprise when I interviewed them in July because it's a little unwieldly. T-Mobile's head and iBahn both agree that a better rubric is needed to make 802.1X and WPA Enterprise more understandable in the way that Wi-Fi signifies so much, so clearly.
iBahn spent a million dollars upgrading their network. I know that T-Mobile's costs were lower because their gear already supported multiple virtual SSIDs on the same AP; iBahn needed to swap out early gear, it seems. They operate 900 hotspots with up to 80 access points in each location as they serve the hotel market.
This line in the story doesn't make sense to me: "WPA, and its successor WPA2, distribute different keys to individual users, and will also shut down if an attack is detected." First, as noted above, this is WPA and WPA2 Enterprise, but this isn't an integral part of the standard. Perhaps iBahn is running intrusion-detection software?
Update: See comment below on WPA's attack detection. This is a pretty simple protection, but it's designed to catch spoofed frames; it's not robust intrusion detection.