Identity Selection Hints for the Extensible Authentication Protocol (EAP)
RFC 4284
| Field | Value |
|---|---|
| Type | RFC - Informational (January 2006; No errata). Was draft-adrangi-eap-network-discovery (individual in int area) |
| Authors | Farid Adrangi, Farooq Bari, Pasi Eronen, Victor Lortz |
| Last updated | 2018-12-20 |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4284 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Margaret Cullen |
| Send notices to | (None) |
Network Working Group
Request for Comments: 4284
Category: Informational
F. Adrangi, V. Lortz (Intel); F. Bari (Cingular Wireless); P. Eronen (Nokia)
January 2006

Identity Selection Hints for the Extensible Authentication Protocol (EAP)

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

IESG Note:

EAP Identity Selection was developed by 3GPP. Documentation is provided as information to the Internet community. The EAP WG has verified that this specification is compatible with EAP as defined in RFC 3748. Required 3GPP client behavior is described in 3GPP TS 24.234.

Abstract

The Extensible Authentication Protocol (EAP) is defined in RFC 3748. This document defines a mechanism that allows an access network to provide identity selection hints to an EAP peer -- the end of the link that responds to the authenticator. The purpose is to assist the EAP peer in selecting an appropriate Network Access Identifier (NAI). This is useful in situations where the peer does not receive a lower-layer indication of what network it is connecting to, or when there is no direct roaming relationship between the access network and the peer's home network. In the latter case, authentication is typically accomplished via a mediating network such as a roaming consortium or broker.

The mechanism defined in this document is limited in its scalability. It is intended for access networks that have a small to moderate number of direct roaming partners.

Adrangi, et al. Informational [Page 1]
RFC 4284 Identity Selection Hints for EAP January 2006

Table of Contents

   1. Introduction
      1.1. Relationship with Other Specifications
      1.2. Applicability
      1.3. Terminology
   2. Implementation Requirements
      2.1. Packet Format
   3. Security Considerations
   4. Acknowledgements
   5. Appendix - Delivery Options
   6. References
      6.1. Normative References
      6.2. Informative References

1. Introduction

The Extensible Authentication Protocol (EAP) is defined in [RFC3748]. An EAP peer (hereafter, also referred to as the peer) may have multiple credentials. Where the lower layer does not provide an indication of which network it is connecting to, or where its home network may have roaming relationships with several mediating networks, the peer may be uncertain of which Network Access Identifier (NAI) to include in an EAP-Response/Identity.

This document defines a mechanism that allows the access network to provide an EAP peer with identity selection hints, including information about its roaming relationships. This information is sent to the peer in an EAP-Request/Identity message by appending it after the displayable message and a NUL character.

This mechanism may assist the peer in selecting a credential and associated NAI, or in formatting the NAI [RFC4282] to facilitate routing of Authentication, Authorization, and Accounting (AAA) messages to the home AAA server. If there are several mediating networks available, the peer can influence which one is used.

Exactly how the selection is made by the peer depends largely on the peer's local policy and configuration, and is outside the scope of this document. For example, the peer could decide to use one of its other identities, decide to switch to another access network, or attempt to reformat its NAI [RFC4282] to assist in proper AAA routing. The exact client behavior is described by standard bodies using this specification such as 3GPP [TS-24.234].

Section 2 describes the required behavior of implementations, including the format for identity hints.
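
The NUL-delimited layout described in the Introduction, as an added example that is not part of RFC 4284 or of this page: a peer-side parser that splits the EAP-Request/Identity Type-Data at the first NUL and selects a realm only from the peer's own configured list. The `NAIRealms=` item syntax comes from Section 2.1 of the RFC, which this excerpt does not reproduce; the function names and the example realms are assumptions made for illustration.

```python
import struct

EAP_REQUEST, EAP_TYPE_IDENTITY = 1, 1  # Code and Type values from RFC 3748


def split_identity_request(packet: bytes):
    """Return (displayable message, raw hint bytes) of an EAP-Request/Identity."""
    if len(packet) < 5:
        raise ValueError("truncated EAP header")
    code, _ident, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if code != EAP_REQUEST or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Request/Identity")
    if not 5 <= length <= len(packet):
        raise ValueError("bad EAP Length field")
    # Type-Data ends at Length; the hints follow the first NUL, if any.
    display, _nul, hints = packet[5:length].partition(b"\x00")
    return display.decode("utf-8", "replace"), hints


def advertised_realms(hints: bytes):
    """Realms from the NAIRealms item; other comma-separated items are skipped."""
    for item in hints.split(b","):
        if item.startswith(b"NAIRealms="):
            realms = item[len(b"NAIRealms="):].split(b";")
            # Drop empty and non-ASCII entries instead of guessing at them.
            return [r.decode("ascii").lower() for r in realms if r and r.isascii()]
    return []


def choose_realm(packet: bytes, local_policy):
    """First locally configured realm that the access network advertises.

    The hint arrives before any authentication, so it only narrows the peer's
    own configured list and never adds a realm to it.
    """
    _msg, hints = split_identity_request(packet)
    offered = set(advertised_realms(hints))
    return next((r for r in local_policy if r.lower() in offered), None)


def build_request(ident: int, display: bytes, hints: bytes = b"") -> bytes:
    """Build a packet for the sample below (constructed input, not a capture)."""
    data = display + (b"\x00" + hints if hints else b"")
    header = struct.pack("!BBHB", EAP_REQUEST, ident, 5 + len(data), EAP_TYPE_IDENTITY)
    return header + data


# Constructed sample; the realm names are made up.
SAMPLE = build_request(7, b"Hello", b"NAIRealms=isp.example.com;broker.example.net")
```

A request that carries no NUL, or no `NAIRealms=` item, yields no selection, so the caller falls back to its default identity.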