EAP State Machines

IETF 56 - March 19, 2003

John Vollbrecht jrv@umich.edu

Nick Petroni npetroni@cs.umd.edu

EAP State Machine

• EAP State Machine page http://www.cs.umd.edu/~npetroni/EAP/• EAP State machine Draft

– http://www.ietf.org/internet-drafts/draft-vollbrecht-eap-state-01.ps

– http://www.ietf.org/internet-drafts/draft-vollbrecht-eap-state-01.txt

EAP State Machinetopics

• State machine “style”– 802.1x coordination

• Variables, transitions and states• EAP Mux model• Peer State Machine• Authenticator State Machine• Pass thru• Methods - silent discard vs NAK• Policy functions and decisions

State Machine Style

• 802.1x format to allow coordination with 802.1x state machine

• Other formats have been tried

EAP MUX Model

EAP method2

EAP method1

EAP method1

EAP Switch

link

EAP Switch

link

peer Authenticator

EAP method2

Peer State Diagram (07)

Authenticator State Machine (07)

Pass thru

EAP method1

EAP method

EAP method1

EAP method

passthru

EAP Switch

link

EAP Switch

EAP Switch

EAP Switch

link RADIUS RADIUS

Client AP AAA

Methods - silent discard vs NAK• Should Requests for new method be accepted in the

middle of another method– Talked about yesterday– In Peer machine see STRICT from method– Alternatively see Policy.allow if Strict is not used

• Should Success/ Failure be Discarded in the middle of a method

• Should Methods be able to do method Integrity Checks• Method State and implementations

– Silent discard requires knowing “state” of method

Policy Functions

• Policy Functions determine– Policy.allow

• What methods are allowed when

– Policy.isSatisfied• Is Policy Successful and Complete

– Policy.getNextMethod• Get next method

EAP State Machine- next steps

• Clean up depending on resolution of issues

• Add policy function examples

• Resolve issues with 2284 bis– Incorporate into 2284bis?

• Add state machines for Pass-thru to 2869bis

• Other?