EAP State Machines

IETF 56 - March 19, 2003
John Vollbrecht
Nick Petroni
EAP State Machine
• EAP State Machine page
– http://www.cs.umd.edu/~npetroni/EAP/
• EAP State Machine Draft
– http://www.ietf.org/internet-drafts/draft-vollbrecht-eapstate-01.ps
– http://www.ietf.org/internet-drafts/draft-vollbrecht-eapstate-01.txt
EAP State Machine topics
• State machine “style”
– 802.1x coordination
• Variables, transitions and states
• EAP Mux model
• Peer State Machine
• Authenticator State Machine
• Pass thru
• Methods - silent discard vs NAK
• Policy functions and decisions
State Machine Style
• 802.1x format to allow coordination with 802.1x state machine
• Other formats have been tried
EAP MUX Model
[Diagram: peer and Authenticator, each shown with EAP method1, EAP method2, EAP Switch and link]
Peer State Diagram (07)
Authenticator State Machine (07)
Pass thru
[Diagram: Client, AP and AAA; labels include EAP method, EAP method1, passthru, EAP Switch, link and RADIUS]
Methods - silent discard vs NAK
• Should Requests for new method be accepted in the middle of another method
– Talked about yesterday
– In Peer machine see STRICT from method
– Alternatively see Policy.allow if Strict is not used
• Should Success/Failure be Discarded in the middle of a method
• Should Methods be able to do method Integrity Checks
• Method State and implementations
– Silent discard requires knowing “state” of method
Policy Functions
• Policy Functions determine
– Policy.allow
• What methods are allowed when
– Policy.isSatisfied
• Is Policy Successful and Complete
– Policy.getNextMethod
• Get next method
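An added sketch, not code from the draft or the presenters: one way a peer could combine the STRICT flag with the three policy functions named above to choose between silent discard and Nak, and to decide when a Success may be accepted. The Python names, the `Action` values, the ordered `required` list and the meaning given to STRICT are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    CONTINUE = "hand to the running method"
    START = "start the requested method"
    NAK = "answer with a Nak"
    DISCARD = "silently discard"
    ACCEPT = "accept Success"


@dataclass
class Policy:
    required: list                      # constructed: methods that must all finish, in order
    completed: set = field(default_factory=set)

    def allow(self, method, running):   # Policy.allow: what methods are allowed when
        return (method in self.required and method not in self.completed
                and running is None)

    def is_satisfied(self):             # Policy.isSatisfied: successful and complete
        return all(m in self.completed for m in self.required)

    def get_next_method(self):          # Policy.getNextMethod: next method, or None
        return next((m for m in self.required if m not in self.completed), None)


def on_request(policy, running, strict, requested):
    """Peer decision for a Request naming `requested` while `running` is active (None if idle)."""
    if running is not None and requested == running:
        return Action.CONTINUE
    if running is not None and strict:  # assumed meaning of STRICT: no switch mid-method
        return Action.DISCARD
    if policy.allow(requested, running):
        return Action.START
    return Action.NAK


def on_success(policy, running):
    """Discarding a Success needs method state: is a method running, is policy met?"""
    if running is not None or not policy.is_satisfied():
        return Action.DISCARD
    return Action.ACCEPT
```

With this constructed policy a Success that arrives before every required method has completed is dropped, which is the case where knowing the method state matters.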
EAP State Machine - next steps
• Clean up depending on resolution of issues
• Add policy function examples
• Resolve issues with 2284bis
– Incorporate into 2284bis?
• Add state machines for Pass-thru to 2869bis
• Other?