1 / 11

EAP Method Update (EMU)

EAP Method Update (EMU). Chairs Joseph Salowey ( jsalowey@cisco.com ) Alan DeKok ( aland@freeradius.org ). Note Well.

aizza
Download Presentation

EAP Method Update (EMU)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EAP Method Update(EMU) Chairs Joseph Salowey (jsalowey@cisco.com) Alan DeKok ( aland@freeradius.org )

  2. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to: • The IETF plenary session • The IESG, or any member thereof on behalf of the IESG • Any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices • Any IETF working group or portion thereof • The IAB or any member thereof on behalf of the IAB • The RFC Editor or the Internet-Drafts function All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879). Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 5378 and RFC 3979 for details. A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements. A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public.

  3. Agenda • Administrivia (5 min) • Tunnel Requirements (10 min) • draft-ietf-emu-eaptunnel-req-04.txt • Channel Binding - (30 min) • draft-ietf-emu-chbind-04.txt • ITU-T X.1034 Liaison Statement - (15 min) • https://datatracker.ietf.org/liaison/598/ • Unauthenticated Emergency Service - (15 Min) • http://tools.ietf.org/id/draft-schulzrinne-ecrit-unauthenticated-access-06.txt • EAP Session Policy - (15 min) • draft-mccann-session-policy-framework-using-eap-00.txt • Biometric Authentication (EAP-BIO) - (15 min) • draft-urien-kiennert-emu-bio-00.txt

  4. Tunnel Requirements • -04 addresses last call comments • Set of comments from Alan DeKok on 10/27 • Many Editorial Issues • Katrin Responded to most on the list

  5. Mandatory Attribute Issue 4.3.3. Mandatory and Optional Attributes The payload MUST support marking of mandatory and optional attributes, as well as a "NAK" attribute used to communicate disagreements about received attributes. Mandatory attributes are attributes that a receiver MUST process as per the specification. Optional attributes are attributes that a receiver MAY ignore. A receiver MUST process mandatory attributes before optional ones. After an attribute has been processed, it SHOULD be marked as no longer being mandatory. If a receiver does not process a mandatory attribute, it MUST ignore everything else in a request, and it MUST send a NAK attribute in response. Similarly, if a receiver expects a mandatory attribute and does not receive one in a request, it MUST send a NAK attribute in the response that contains the set of attributes it expected to receive. A peer that either sends or receives a NAK attribute MUST treat the session as failing authentication. The NAK attribute MUST support a description of which mandatory attribute is either required, or is not supported. The NAK attribute MUST be otherwise treated as an optional attribute, and it MUST NOT contain a NAK of the NAK attribute, in order to prevent infinite recursion.

  6. Next Steps • Revise Draft to address comments • Last look by working group • Send to IESG!

  7. Channel Binding

  8. ITU-T X.1034 Liaison Statement • https://datatracker.ietf.org/liaison/598/ • “Draft revised Recommendation ITU-T X.1034, Guideline on extensible authentication protocol based authentication and key management in a data communication network” • Need some reviewers

  9. Unauthenticated Emergency Services

  10. EAP Session Policy

  11. EAP-BIO

More Related