Pre-authentication AAA Requirements (IETF66 RADEXT WG, 2006/7/10), Yoshihiro Ohba and Alper Yegin


1 Pre-authentication AAA Requirements
Yoshihiro Ohba (yohba@tari.toshiba.com)
Alper Yegin (alper01.yegin@partner.samsung.com)

2 What is pre-authentication
- Pre-authentication is network access authentication performed by running EAP authentication with a target authenticator via the serving network
- Pre-authentication was originally defined in IEEE 802.11i, where the usage is intra-ESS transitions
- The HOAKEY BOF (held in IETF65 and to be held in IETF66) is extending the notion of pre-authentication to work across multiple ESSs and even across multiple access technologies

3 Basic pre-auth AAA requirements
Requirements identified in the IETF65 HOAKEY BOF:
- AAA needs to know that this is a pre-authentication, not a normal authentication
  – The user may only be allowed a single logon at the same time
  – The user may not be allowed pre-authentication at all
  – Can the pre-auth session timeout attribute (see below) serve as the indication of pre-auth, or is some other attribute needed?
- AAA needs to know how long to hold the session before timing out
  – The session timeout for pre-auth may differ from that of a normal session
  – If the mobile moves after the timeout, a normal authentication is performed
  – Addressed in draft-aboba-radext-wlan-03.txt
  – What signals that the host has successfully connected to the target network? Another round of (non-blocking) Access-Request/Access-Accept, or do we rely on accounting messages? If the latter, accounting must be mandated for the pre-auth case
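The requirements on slides 3, 5, 6 and 7 can be read as one AAA-side policy over pre-authentication sessions. The following is an added illustration, not code from the slides or from any RADIUS implementation: it keeps an in-memory session table per (user, authenticator), gives pre-auth sessions their own shorter timeout, caps how far a pre-auth session can be extended, limits pre-auth sessions per MN, and treats the MN attaching elsewhere as the trigger for reverting an authorized session to pre-auth state. All timeouts, limits and method names are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

PREAUTH, AUTHORIZED = "pre-auth", "authorized"

@dataclass
class Session:
    state: str
    started: float   # creation time of the pre-auth session
    expires: float

@dataclass
class PreauthPolicy:
    preauth_timeout: float = 60.0        # assumed: shorter than a normal session
    max_preauth_lifetime: float = 300.0  # assumed: cap on repeated extensions (slide 5)
    max_preauth_sessions: int = 3        # assumed: per MN, across authenticators (slide 7)
    sessions: dict = field(default_factory=dict)  # (user, authenticator) -> Session

    def _live(self, user, now):
        """Drop timed-out sessions, return the user's remaining ones by authenticator."""
        self.sessions = {k: s for k, s in self.sessions.items() if s.expires > now}
        return {a: s for (u, a), s in self.sessions.items() if u == user}

    def preauth_request(self, user, authenticator, now):
        """Access-Request flagged as pre-authentication (slide 3)."""
        live = self._live(user, now)
        if sum(s.state == PREAUTH for s in live.values()) >= self.max_preauth_sessions:
            return "Access-Reject"   # per-MN limit on concurrent pre-auth sessions
        self.sessions[(user, authenticator)] = Session(PREAUTH, now, now + self.preauth_timeout)
        return "Access-Accept"

    def extend_preauth(self, user, authenticator, now):
        """Lifetime extension (slide 5), refused once the maximum lifetime would be exceeded."""
        s = self._live(user, now).get(authenticator)
        if s is None or s.state != PREAUTH or now + self.preauth_timeout - s.started > self.max_preauth_lifetime:
            return "Access-Reject"
        s.expires = now + self.preauth_timeout
        return "Access-Accept"

    def attach(self, user, authenticator, now, normal_timeout=3600.0):
        """MN actually connects to the target (slide 3): promote pre-auth to authorized.
        Single logon: any other authorized session drops back to pre-auth state (slide 6)."""
        live = self._live(user, now)
        if authenticator not in live:
            return "Access-Reject"   # pre-auth session timed out: do a normal authentication
        for a, other in live.items():
            if a != authenticator and other.state == AUTHORIZED:
                other.state, other.expires = PREAUTH, now + self.preauth_timeout
        s = live[authenticator]
        s.state, s.expires = AUTHORIZED, now + normal_timeout
        return "Access-Accept"
```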

4 Other potential pre-authentication AAA requirements/issues

5 Extending pre-auth session lifetime
- The pre-authentication session lifetime may need to be extended
  – The MN may continue to stay in the serving network, or move to some other network, while maintaining the pre-authentication session with a target authenticator
- A maximum pre-auth session lifetime may need to be defined to avoid unlimited attempts at extending the pre-auth session lifetime
  – Is this a AAA protocol issue or a configuration issue?

6 Reverting to pre-auth state from fully authorized state
- A session in a fully authorized state may need to be changed to a pre-auth state
  – This can happen when the MN moves from network N1 to network N2, and then goes back to N1
  – The MN may not want to perform pre-authentication again with N1
  – Is this the same as the key caching issue? Key caching lifetime management is not fully studied
- A complete solution for pre-authentication may solve the key caching lifetime management issue as well

7 Maximum number of pre-auth sessions for different authenticators
- How many pre-authentication sessions with different authenticators are allowed per MN?
- Is this a AAA protocol issue or a configuration issue?
  – This may be a AAA protocol issue for indirect pre-authentication, in which the serving authenticator is involved in pre-auth signaling

8 Information on the serving network
- The AAA server may need information on the serving network from which a pre-authentication attempt is being made
- This information may affect the authorization decision made by the AAA server
- This may apply to normal authentication and handover keying signaling as well

9 Calling-Station-Id
What should Calling-Station-Id be in the case of inter-technology pre-authentication?
  – Should it be the MN's address used for the serving network? In this case, the Calling-Station-Id may change dynamically if the MN hands over to a new serving network while still maintaining the pre-authentication state with the target network
  – Should it be the MN's address to be used for the target network?
  – Should it be null?

10 Network-initiated pre-authentication
- Are new AAA attributes needed to support network-initiated pre-authentication?
  – E.g., a list of the neighboring authenticators around the serving authenticator

11 Summary
- Pre-authentication for inter-technology handover requires thorough requirements work on both AAA and EAP lower-layer signaling
  – Pre-authentication is one work item of the HOAKEY BOF
