Identity Selection Hints for the Extensible Authentication Protocol (EAP)
RFC 4284

Document Type RFC - Informational (January 2006; No errata)
Was draft-adrangi-eap-network-discovery (individual in int area)
Last updated 2013-03-02
Stream IETF
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4284 (Informational)
Responsible AD Margaret Wasserman
Send notices to (None)
Network Working Group                                         F. Adrangi
Request for Comments: 4284                                      V. Lortz
Category: Informational                                            Intel
                                                                 F. Bari
                                                       Cingular Wireless
                                                               P. Eronen
                                                                   Nokia
                                                            January 2006

                     Identity Selection Hints for
              the Extensible Authentication Protocol (EAP)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

IESG Note:

   EAP Identity Selection was developed by 3GPP.  Documentation is
   provided as information to the Internet community.  The EAP WG has
   verified that this specification is compatible with EAP as defined in
   RFC 3748.  Required 3GPP client behavior is described in 3GPP TS
   24.234.

Abstract

   The Extensible Authentication Protocol (EAP) is defined in RFC 3748.
   This document defines a mechanism that allows an access network to
   provide identity selection hints to an EAP peer -- the end of the
   link that responds to the authenticator.  The purpose is to assist
   the EAP peer in selecting an appropriate Network Access Identifier
   (NAI).  This is useful in situations where the peer does not receive
   a lower-layer indication of what network it is connecting to, or when
   there is no direct roaming relationship between the access network
   and the peer's home network.  In the latter case, authentication is
   typically accomplished via a mediating network such as a roaming
   consortium or broker.

   The mechanism defined in this document is limited in its scalability.
   It is intended for access networks that have a small to moderate
   number of direct roaming partners.

Adrangi, et al.              Informational                      [Page 1]
RFC 4284            Identity Selection Hints for EAP        January 2006

Table of Contents

   1. Introduction ....................................................2
      1.1. Relationship with Other Specifications .....................3
      1.2. Applicability ..............................................3
      1.3. Terminology ................................................4
   2. Implementation Requirements .....................................4
      2.1. Packet Format ..............................................5
   3. Security Considerations .........................................6
   4. Acknowledgements ................................................7
   5. Appendix - Delivery Options .....................................8
   6. References .....................................................12
      6.1. Normative References ......................................12
      6.2. Informative References ....................................12

1.  Introduction

   The Extensible Authentication Protocol (EAP) is defined in [RFC3748].
   An EAP peer (hereafter, also referred to as the peer) may have
   multiple credentials.  Where the lower layer does not provide an
   indication of which network it is connecting to, or where its home
   network may have roaming relationships with several mediating
   networks, the peer may be uncertain of which Network Access
   Identifier (NAI) to include in an EAP-Response/Identity.

   This document defines a mechanism that allows the access network to
   provide an EAP peer with identity selection hints, including
   information about its roaming relationships.  This information is
   sent to the peer in an EAP-Request/Identity message by appending it
   after the displayable message and a NUL character.
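
   The following parser is an added example, not part of the RFC text:
   it splits the Type-Data of an EAP-Request/Identity at the first NUL
   and extracts the hinted realms.  It assumes the comma-separated
   attribute syntax and the NAIRealms attribute of Section 2.1 (not
   shown in this excerpt); the sample packet and realm names are
   constructed.

```python
import struct

EAP_REQUEST, EAP_TYPE_IDENTITY = 1, 1  # Code and Type values from RFC 3748


def parse_identity_request(packet: bytes):
    """Return (displayable_message, realms) from an EAP-Request/Identity.

    The request arrives before any authentication has taken place, so the
    realms are advisory input to local policy, not a trusted list.
    """
    if len(packet) < 5:
        raise ValueError("shorter than EAP header plus Type octet")
    code, _ident, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if code != EAP_REQUEST or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Request/Identity")
    if length < 5 or length > len(packet):
        raise ValueError("EAP Length field inconsistent with packet size")
    type_data = packet[5:length]  # octets past Length are lower-layer padding

    # RFC 3748: only the part before the first NUL is displayed, so peers
    # that do not know this mechanism never see the hint data.
    message, nul, hint_data = type_data.partition(b"\x00")
    realms = []
    if nul:
        # Assumed syntax (RFC 4284 Section 2.1): comma-separated attributes,
        # with NAIRealms carrying a semicolon-separated realm list.
        for attr in hint_data.split(b","):
            name, eq, value = attr.partition(b"=")
            if eq and name == b"NAIRealms":
                realms = [r.decode("ascii", "replace") for r in value.split(b";") if r]
    return message.decode("utf-8", "replace"), realms


def build_identity_request(identifier: int, message: bytes, hints: bytes) -> bytes:
    """Build a constructed sample packet for the demonstration below."""
    type_data = message + b"\x00" + hints
    return struct.pack("!BBHB", EAP_REQUEST, identifier, 5 + len(type_data),
                       EAP_TYPE_IDENTITY) + type_data


# Constructed sample: realm names are illustrative placeholders.
SAMPLE = build_identity_request(0, b"Hello!", b"NAIRealms=example.com;roam.example.net")

if __name__ == "__main__":
    print(parse_identity_request(SAMPLE))
```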

   This mechanism may assist the peer in selecting a credential and
   associated NAI, or in formatting the NAI [RFC4282] to facilitate
   routing of Authentication, Authorization, and Accounting (AAA)
   messages to the home AAA server.  If there are several mediating
   networks available, the peer can influence which one is used.

   Exactly how the selection is made by the peer depends largely on the
   peer's local policy and configuration, and is outside the scope of
   this document.  For example, the peer could decide to use one of its
   other identities, decide to switch to another access network, or
   attempt to reformat its NAI [RFC4282] to assist in proper AAA
   routing.  The exact client behavior is described by standard bodies
   using this specification such as 3GPP [TS-24.234].