Protocol for Carrying Authentication for Network Access (PANA) Requirements
RFC 4058
| Document | Type | RFC - Informational (May 2005; No errata) |
|---|---|---|
| | Authors | Cliff Wang, Alper Yegin, Reinaldo Penno, George Tsirtsis, Yoshihiro Ohba |
| | Last updated | 2015-10-14 |
| | Stream | Internet Engineering Task Force (IETF) |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4058 (Informational) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Responsible AD | Thomas Narten |
| | Send notices to | (None) |
Network Working Group
Request for Comments: 4058
Category: Informational

A. Yegin, Ed. (Samsung AIT)
Y. Ohba (Toshiba)
R. Penno (Juniper Networks)
G. Tsirtsis (Flarion)
C. Wang (ARO/NCSU)

May 2005

Protocol for Carrying Authentication for Network Access (PANA) Requirements

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

It is expected that future IP devices will have a variety of access technologies to gain network connectivity. Currently there are access-specific mechanisms for providing client information to the network for authentication and authorization purposes. In addition to being limited to specific access media (e.g., 802.1X for IEEE 802 links), some of these protocols are limited to specific network topologies (e.g., PPP for point-to-point links).

The goal of this document is to identify the requirements for a link-layer agnostic protocol that allows a host and a network to authenticate each other for network access. This protocol will run between a client's device and an agent in the network where the agent might be a client of the AAA infrastructure.

Table of Contents

1. Introduction
2. Requirements Notation
3. Terminology
4. Requirements
   4.1. Authentication
      4.1.1. Authentication of Client
      4.1.2. Authorization, Accounting, and Access Control
      4.1.3. Authentication Backend
      4.1.4. Identifiers
   4.2. IP Address Assignment
   4.3. EAP Lower Layer Requirements
   4.4. PAA-to-EP Protocol
   4.5. Network
      4.5.1. Multi-access
      4.5.2. Disconnect Indication
      4.5.3. Location of PAA
      4.5.4. Secure Channel
   4.6. Interaction with Other Protocols
   4.7. Performance
   4.8. Congestion Control
   4.9. IP Version Independence
   4.10. Denial of Service Attacks
   4.11. Client Identity Privacy
5. Security Considerations
6. Acknowledgements
A. Problem Statement
B. Usage Scenarios
References
   Normative References
   Informative References

1. Introduction

Secure network access service requires access control based on the authentication and authorization of the clients and the access networks. Initial and subsequent client-to-network authentication provides parameters that are needed to police the traffic flow through the enforcement points. A protocol is needed to carry authentication parameters between the client and the access network. See Appendix A for the associated problem statement.