EAP-based Mediating Network Selection Copyright © 2003, The Internet Society Farid Adrangi Intel Corporation ( ) ACKNOWLEDGEMENTS: JOE SALOWEY MARK GRAYSON – Cisco VICTOR LORTZ, JOSE PUTHENKULAM, - INTEL CORPORATION, MARCO SPINI – Telecom Italia MARK WATSON – Nortel, PASI ERONEN – NOKIA, FAROOQ BARI – AT&T Wireless JOHANNA WILD – MOTOROLA, BLAIR BULLOCK – iPass, ADRIAN BUCKLEY - Rim JARI ARKKO – ERICSSON, BERNARD ABOBA - Microsoft draft-adrangi-eap-network-discovery-and-selection-01.txt

Use-case 1 – WLAN client moves into a Hotspot advertising the client’s HSN SSID T-mobile Hotspot HSN T-mobile Orange - WLAN client is subscribed with T-mobile HSN - WLAN client moves into a hotspot with T-mobile and Orange ANs - WLAN client recognizes the HSN SSID (e.g., T-Mobile) - WLAN client associates with the HSN SSID, and then authenticates with its HSN by using its root NAI and home credential T-Mobile Subscriber

Use-case 2 – WLAN client moves into a Hotspot advertising one or more of WLAN client’s HSN Roaming Partner SSID(s) but not its HSN SSID Hotspot HSN T-mobile Orange - WLAN client is subscribed with T-mobile HSN - WLAN client moves into a hotspot with an ANs owned/managed by Orange & Wayport - WLAN client recognizes that its HSN SSID is not present, however it recognizes that the Orange and Wayport SSIDs have direct roaming relationship with its HSN - WLAN associates with the preferred AN, and authenticates with its HSN by using its root NAI and home credential Wayport T-Mobile Subscriber

Use-case 3 – WLAN client moves into a Hotspot advertising only Unrecognized SSIDs (Continued) Hotspot T-mobile McDonalds Mediating Network 2 Mediating Network 3 Wayport Orange AnyISP Mediating Network 1 ORANGE: The Unrecognized SSID belongs to a Roaming partner of HSN that was not provisioned into the WLAN client McDonalds The Unrecognized SSIDs belong to an operator that does not have a direct or indirect business relationship with the WLAN client’s HSN. In this case the WLAN client can not be authenticated through this SSID. Wayport: The Unrecognized SSID belongs to an operator who is a roaming partner of HSN’s roaming partner and.AN T-Mobile Subscriber

Problem Scope Access Network Selection –How does a WLAN client choose a SSID to associate with an AN where there are more than one available SSID in the hotspot? Mediating Network Selection –How does WLAN client influence routing of AAA packets through a roaming partner where the Access Network is not owned by the HSN, and it does not have a direct roaming relationship with the HSN?

Solution For each Scenario Use-casesAN SelectionMediating Network Selection 1 – WLAN client moves into a Hotspot advertising the client’s HSN SSID Home SSID NA 2 – WLAN client moves into a Hotspot advertising one or more of WLAN client’s HSN Roaming Partner SSID(s) but not its HSN SSID Roaming Partner SSIDNA 3 – WLAN client moves into a Hotspot advertising only Unrecognized SSIDs Associate with each available SSID and perform mediating network discovery with the available SSIDs until an SSID that has direct connection to HSN has been found If an SSID that has direct connection to HSN is not found, then the WLAN UE shall attempt to select an SSID that has connection to one of the Mediating Networks in the preferred mediating Network lists.

Proposed Solution for Mediating Network Selection Using EAP-based signaling

Solution Properties Complies with RFC 2284bis and uses RFC 2486bis bang syntax It may not require any changes to Access Points (AP) already deployed in Access Networks (AN) Uses the EAP-Identity Request to deliver Network Information, preferably from the local AAA proxy/server Type-Data Field of Identity Request: \0 Realms=gric.com;mnc123.mcc334.3gppnetwork.org

Backup Slides

Agenda Use-case scenarios for network selection Problem Scope Solution for use-case scenarios Proposed Solution for Mediating Network Selection Next Steps

WLAN Client WLAN client has been provisioned by its Home Service Network (HSN) for the following: –Username and Initial Credential –HSN SSIDs and Roaming partners SSIDs –Preferred Mediating Network names

EAP-Identity Request There are three possible options of delivering Network Information using an EAP- Identity Request : –Use the initial EAP-Identity Request issued by the PWLAN AP –Use a subsequent EAP-Identity Request issued by the PWLAN RADIUS proxy –Use the initial EAP-Identity Request issued by PWLAN RADIUS proxy

Initial EAP-Identity Request issued by the PWLAN AP Subscriber AP PWLAN RADIUS Proxy MN RADIUS Proxy HSN RADIUS Server EAP-Identity Req (Network Info) EAP-Identity Resp (Decorated NAI ) Access-Req (EAP-Identity Resp+ Decorated NAI) Access-Req (EAP-Identity Resp+ Decorated NAI) Access-Req (EAP-Identity Resp+ Normal NAI) More EAP Over RADIUS Exchanges Access-Accept EAP-Success

Subscriber AP PWLAN RADIUS Proxy MN RADIUS Proxy HSN RADIUS Server EAP-Identity Req EAP-Identity Resp (Normal NAI) Access-Req (EAP-Identity Resp+ Normal NAI) Access-Challenge (EAP-Identity Req+ Network Info) EAP-Identity Req (Network Info) EAP-Identity Resp (Decorated NAI) Access-Req (EAP-Identity Resp+ Decorated NAI) Access-Req (EAP-Identity Resp+ Decorated NAI) Access-Req (EAP-Identity Resp+ Normal NAI) More EAP Over RADIUS Exchanges Access-Accept EAP-Success Subsequent EAP-Identity Request issued by the PWLAN RADIUS Proxy

Subscriber AP PWLAN RADIUS Proxy MN RADIUS Proxy HSN RADIUS Server Association Access-Req (EAP-Start) Access-Challenge (EAP-Identity Req+ Network Info) EAP-Identity Req (Network Info) EAP-Identity Resp (Decorated NAI) Access-Req (EAP-Identity Resp+ Decorated NAI) Access-Req (EAP-Identity Resp+ Decorated NAI) Access-Req (EAP-Identity Resp+ Normal NAI) More EAP Over RADIUS Exchanges Access-Accept EAP-Success Initial EAP-Identity Request issued by the PWLAN RADIUS Proxy

NAI Construction for Mediating Network Selection Complies with RFC-2486bis Uses mediating REALM, instead of WLAN client’s home REALM. Examples, given a user’s NAI : Then, the constructed NAI can be represented as :

Next Steps How should we proceed with this draft?