The new genertion of WiFi equipment supports WPA (WiFi Protected Access) a version of the IETF's EAP protocol, so that superior key authentication with different keys for each user and the keys are much harder to crack. In corporate networks, the keys can be fetched via RADIUS -- effectively allowing a single login password to provide all network access securely.
That's great, but not enough has been done that I have seen to make a good user interface for the home network. I set up family member's wireless networks with WEP keys and its a pain even for a skilled person. When a person visits my house and wants wireless access I need to key in a 32byte hex string.
For home networks, how about a nice simple protocol. When a new device attempts to connect to the network, note that. Then let the user go to the web configuration page for their access point. There it will list the new devices that have tried to get on the net. There will probably be only one. If the user clicks to approve it, transmit the WEP key back to that new device (encrypted with a public key the device provided) so it can now join the network. Possibly with reduced permissions, but that's a bonus.
The main goal is plug and play (or near to it) joining of the encrypted network in the ordinary home. If there are multiple APs, they can share the key with WPA or other protocols. Or frankly, it's not even a giant burden to have to confirm the new user to all the APs, since most homes don't have more than one. (Mine does, I can't get the signal to go from one corner of my house to the other.)
Want to make it even easier for the unskilled home user? Put a button on the access point. Push it, then the new laptop will ask for a key. A light will go on if one and one one device asked for access, and the laptop will confirm it. Then push the button again and the laptop gets a permanent key for access then and in the future. Of course a web interface is cheaper than a button and clearer but this is dirt simple. If two devices try to get access, then you get an error and have to try again or go to the web interface, but this would be rare and a sign that perhaps somebody was trying to sneak in.