Protocol for Carrying Authentication for Network Access (PANA) Framework
RFC 5193
Document Type RFC - Informational (May 2008; No errata)
Authors Rafael Marin-Lopez  , Prakash Jayaraman  , Alper Yegin  , Mohan Parthasarathy  , Yoshihiro Ohba 
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5193 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Mark Townsley
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                       P. Jayaraman
Request for Comments: 5193                                       Net.Com
Category: Informational                                         R. Lopez
                                                         Univ. of Murcia
                                                            Y. Ohba, Ed.
                                                                 Toshiba
                                                        M. Parthasarathy
                                                                   Nokia
                                                                A. Yegin
                                                                 Samsung
                                                                May 2008

Protocol for Carrying Authentication for Network Access (PANA) Framework

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This document defines the general Protocol for Carrying
   Authentication for Network Access (PANA) framework functional
   elements, high-level call flow, and deployment environments.

Table of Contents

   1. Introduction ....................................................2
      1.1. Specification of Requirements ..............................2
   2. General PANA Framework ..........................................2
   3. Call Flow .......................................................5
   4. Environments ....................................................6
   5. Security Considerations .........................................8
   6. Acknowledgments .................................................8
   7. References ......................................................8
      7.1. Normative References .......................................8
      7.2. Informative References .....................................9

Jayaraman, et al.            Informational                      [Page 1]
RFC 5193                     PANA Framework                     May 2008

1.  Introduction

   PANA (Protocol for carrying Authentication for Network Access) is a
   link-layer agnostic network access authentication protocol that runs
   between a client that wants to gain access to the network and a
   server on the network side.  PANA defines a new Extensible
   Authentication Protocol (EAP) [RFC3748] lower layer that uses IP
   between the protocol end points.

   The motivation to define such a protocol and the requirements are
   described in [RFC4058].  Protocol details are documented in
   [RFC5191].  Upon following a successful PANA authentication, per-
   data-packet security can be achieved by using physical security,
   link-layer ciphering, or IPsec [PANA-IPSEC].  The server
   implementation of PANA may or may not be colocated with the entity
   enforcing the per-packet access control function.  When the server
   for PANA and per-packet access control entities are separate, a
   protocol (e.g., [ANCP-PROTO]) may be used to carry information
   between the two nodes.

   PANA is intended to be used in any access network regardless of the
   underlying security.  For example, the network might be physically
   secured, or secured by means of cryptographic mechanisms after the
   successful client-network authentication.  While it is mandatory for
   a PANA deployment to implement behavior that ensures the integrity of
   PANA messages when the EAP method produces MSK, it is not mandatory
   to implement support for network security at the link-layer or
   network-layer.

   This document defines the general framework for describing how these
   various PANA and other network access authentication elements
   interact with each other, especially considering the two basic types
   of deployment environments (see Section 4).

1.1.  Specification of Requirements

   In this document, several words are used to signify the requirements
   of the specification.  These words are often capitalized.  The key
   words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
   "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
   are to be interpreted as described in [RFC2119].

2.  General PANA Framework

   PANA is designed to facilitate the authentication and authorization
   of clients in access networks.  PANA is an EAP [RFC3748] lower layer
   that carries EAP authentication methods encapsulated inside EAP
   between a client node and a server in the access network.  While PANA

Jayaraman, et al.            Informational                      [Page 2]
RFC 5193                     PANA Framework                     May 2008

   enables the authentication process between the two entities, it is
   only a part of an overall AAA (Authentication, Authorization and
   Accounting) and access control framework.  A AAA and access control
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools