November 10, 2003
EAP WG, IETF 58 1
EAP State Machines (draft-ietf-eap-statemachine-01)
John Vollbrecht, Pasi Eronen, Nick Petroni, Yoshihiro Ohba
Overview
• State machines for
  – EAP peer
  – EAP authenticator
• Including special cases for passthrough and backend authenticator
• Goals
  – Informational, not normative
  – Make understanding 2284bis easier
  – Work with 802.1X-REV state machines
Status
• Adopted as WG work item at IETF57
• Currently in WG last call
EAP peer
• No changes since IETF57 (draft-vollbrecht-eap-state-04)
EAP authenticator
• “Passthrough method” and “backend adapter” were difficult to understand
• New approach: three state machines
  – Standalone
  – Backend
  – Full (standalone + passthrough)
• No “special methods” or “adapters”
Standalone authenticator
• No passthrough or AAA issues
• Peer-visible behavior should comply with this even when passthrough is used
• Interfaces to
  – Lower layer (matching 802.1X-REV)
  – EAP methods
Backend authenticator
• Interfaces to
  – AAA module (RFC3579, Diameter EAP)
  – EAP methods
• Differences from standalone
  – Sends and receives EAP messages via AAA module instead of 1X-REV interface
  – No retransmissions
  – First packet can be EAP Response
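The backend differences listed above, as an added Python sketch that is not part of the slides or the draft: one toy authenticator run in standalone and backend mode, showing who sends the first packet and who retransmits. The class `ToyAuthenticator`, its method names, the `max_retrans` value and the use of MD5-Challenge as a stand-in method request are assumptions for illustration; only the EAP header layout and Code/Type numbers are from the EAP specification.

```python
import os
import struct

REQUEST, RESPONSE = 1, 2          # EAP Code values
IDENTITY, MD5_CHALLENGE = 1, 4    # EAP Type values

def build(code, ident, eap_type, data=b""):
    """Code(1) | Identifier(1) | Length(2) | Type(1) | Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse(pkt):
    """Return (code, identifier, type, type_data); reject bad lengths."""
    if len(pkt) < 5:
        raise ValueError("short EAP packet")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if not 5 <= length <= len(pkt):
        raise ValueError("bad EAP Length field")
    return code, ident, eap_type, pkt[5:length]

class ToyAuthenticator:
    """Hypothetical sketch of the two behaviours, not the draft's machine."""

    def __init__(self, backend, max_retrans=3):   # max_retrans is assumed
        self.backend, self.max_retrans = backend, max_retrans
        self.last_req, self.ident, self.retrans = None, 0, 0

    def start(self):
        # Standalone opens with Request/Identity; backend waits for the AAA module.
        if not self.backend:
            self.last_req = build(REQUEST, self.ident, IDENTITY)
        return self.last_req

    def on_timeout(self):
        # Only the standalone machine retransmits; the backend never does.
        if self.backend or self.last_req is None:
            return None
        self.retrans += 1
        return self.last_req if self.retrans <= self.max_retrans else None

    def on_packet(self, pkt):
        code, ident, _type, _data = parse(pkt)
        unsolicited = self.last_req is None
        if code != RESPONSE or (unsolicited and not self.backend):
            return None               # standalone drops a Response it never asked for
        if not unsolicited and ident != self.ident:
            return None               # Identifier must match the outstanding Request
        self.ident, self.retrans = (ident + 1) % 256, 0
        challenge = bytes([16]) + os.urandom(16)   # Value-Size + constructed value
        self.last_req = build(REQUEST, self.ident, MD5_CHALLENGE, challenge)
        return self.last_req
```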
Full authenticator
• Standalone with a passthrough “switch”
• Interfaces to
  – Lower layer (matching 802.1X-REV)
  – EAP methods (when not in passthrough mode)
  – AAA module (when in passthrough mode)
Full & backend
[Diagram: a full authenticator (lower layer interface, method interface to an EAP method, AAA interface) and a backend authenticator (AAA interface, method interface to an EAP method), linked via AAA.]
Full authenticator
• Diagram split into two pages
  – 1st page: standalone authenticator + one transition for passthrough switch
  – 2nd page: passthrough mode
• Single transition from page 1 to 2
  – …so the split should not make reading more difficult?
  – …easy to see what a “passthrough-only” authenticator does?
Next steps
• Handle issues from WG last call
• Publish as Informational