Identity Selection Hints for the Extensible Authentication Protocol (EAP)
RFC 4284
| Document | Type |
RFC - Informational
(January 2006; No errata)
Was draft-adrangi-eap-network-discovery (individual in int area)
|
|
|---|---|---|---|
| Last updated | 2018-12-20 | ||
| Stream | IETF | ||
| Formats | plain text pdf htmlized bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4284 (Informational) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Margaret Cullen | ||
| Send notices to | (None) | ||
Network Working Group F. Adrangi
Request for Comments: 4284 V. Lortz
Category: Informational Intel
F. Bari
Cingular Wireless
P. Eronen
Nokia
January 2006
Identity Selection Hints for
the Extensible Authentication Protocol (EAP)
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
IESG Note:
EAP Identity Selection was developed by 3GPP. Documentation is
provided as information to the Internet community. The EAP WG has
verified that this specification is compatible with EAP as defined in
RFC 3748. Required 3GPP client behavior is described in 3GPP TS
24.234.
Abstract
The Extensible Authentication Protocol (EAP) is defined in RFC 3748.
This document defines a mechanism that allows an access network to
provide identity selection hints to an EAP peer -- the end of the
link that responds to the authenticator. The purpose is to assist
the EAP peer in selecting an appropriate Network Access Identifier
(NAI). This is useful in situations where the peer does not receive
a lower-layer indication of what network it is connecting to, or when
there is no direct roaming relationship between the access network
and the peer's home network. In the latter case, authentication is
typically accomplished via a mediating network such as a roaming
consortium or broker.
The mechanism defined in this document is limited in its scalability.
It is intended for access networks that have a small to moderate
number of direct roaming partners.
Adrangi, et al. Informational [Page 1]
RFC 4284 Identity Selection Hints for EAP January 2006
Table of Contents
1. Introduction ....................................................2
1.1. Relationship with Other Specifications .....................3
1.2. Applicability ..............................................3
1.3. Terminology ................................................4
2. Implementation Requirements .....................................4
2.1. Packet Format ..............................................5
3. Security Considerations .........................................6
4. Acknowledgements ................................................7
5. Appendix - Delivery Options .....................................8
6. References .....................................................12
6.1. Normative References ......................................12
6.2. Informative References ....................................12
1. Introduction
The Extensible Authentication Protocol (EAP) is defined in [RFC3748].
An EAP peer (hereafter, also referred to as the peer) may have
multiple credentials. Where the lower layer does not provide an
indication of which network it is connecting to, or where its home
network may have roaming relationships with several mediating
networks, the peer may be uncertain of which Network Access
Identifier (NAI) to include in an EAP-Response/Identity.
This document defines a mechanism that allows the access network to
provide an EAP peer with identity selection hints, including
information about its roaming relationships. This information is
sent to the peer in an EAP-Request/Identity message by appending it
after the displayable message and a NUL character.
This mechanism may assist the peer in selecting a credential and
associated NAI, or in formatting the NAI [RFC4282] to facilitate
routing of Authentication, Authorization, and Accounting (AAA)
messages to the home AAA server. If there are several mediating
networks available, the peer can influence which one is used.
Exactly how the selection is made by the peer depends largely on the
peer's local policy and configuration, and is outside the scope of
this document. For example, the peer could decide to use one of its
other identities, decide to switch to another access network, or
attempt to reformat its NAI [RFC4282] to assist in proper AAA
routing. The exact client behavior is described by standard bodies
using this specification such as 3GPP [TS-24.234].
Section 2 describes the required behavior of implementations,
including the format for identity hints.
Adrangi, et al. Informational [Page 2]
Show full document text