EAP State Machines
IETF 56 - March 19, 2003
John Vollbrecht [email protected]
Nick Petroni [email protected]
EAP State Machine
• EAP State Machine page http://www.cs.umd.edu/~npetroni/EAP/• EAP State machine Draft
– http://www.ietf.org/internet-drafts/draft-vollbrecht-eap-state-01.ps
– http://www.ietf.org/internet-drafts/draft-vollbrecht-eap-state-01.txt
EAP State Machinetopics
• State machine “style”– 802.1x coordination
• Variables, transitions and states• EAP Mux model• Peer State Machine• Authenticator State Machine• Pass thru• Methods - silent discard vs NAK• Policy functions and decisions
State Machine Style
• 802.1x format to allow coordination with 802.1x state machine
• Other formats have been tried
EAP MUX Model
EAP method2
EAP method1
EAP method1
EAP Switch
link
EAP Switch
link
peer Authenticator
EAP method2
Peer State Diagram (07)
Authenticator State Machine (07)
Pass thru
EAP method1
EAP method
EAP method1
EAP method
passthru
EAP Switch
link
EAP Switch
EAP Switch
EAP Switch
link RADIUS RADIUS
Client AP AAA
Methods - silent discard vs NAK• Should Requests for new method be accepted in the
middle of another method– Talked about yesterday– In Peer machine see STRICT from method– Alternatively see Policy.allow if Strict is not used
• Should Success/ Failure be Discarded in the middle of a method
• Should Methods be able to do method Integrity Checks• Method State and implementations
– Silent discard requires knowing “state” of method
Policy Functions
• Policy Functions determine– Policy.allow
• What methods are allowed when
– Policy.isSatisfied• Is Policy Successful and Complete
– Policy.getNextMethod• Get next method
EAP State Machine- next steps
• Clean up depending on resolution of issues
• Add policy function examples
• Resolve issues with 2284 bis– Incorporate into 2284bis?
• Add state machines for Pass-thru to 2869bis
• Other?
Top Related