In the beyond third-generation (3G) vision, the convergence of different access network technologies is realized and end-user devices are able to roam seamlessly among them. Seamless roaming requires authentication to a network, which may require interaction with an end user that results in the termination of ongoing service sessions and, therefore, inhibits seamless roaming. Furthermore, some access technologies may support a plethora of authentication protocols, making selection of the appropriate method(s) of authentication challenging for an end user. We propose a solution involving single sign-on authentication that allows the end user to roam between different administrative domains and access network technologies (e.g., wireline and wireless). Our solution integrates a number of authentication mechanisms and does not require any end-user interactions while roaming, thus enabling a seamless roaming experience. We describe a prototype implementation of this solution using General Packet Radio Service (GPRS)/Universal Mobile Telecommunications System (UMTS*)/wireless local area network (WLAN) networks and present our conclusions using measurements on this prototype. © 2005 Lucent Technologies Inc.