draft-ietf-pana-statemachine-07.txt   draft-ietf-pana-statemachine-08.txt 
PANA Working Group V. Fajardo, Ed. PANA Working Group V. Fajardo, Ed.
Internet-Draft Y. Ohba Internet-Draft Y. Ohba
Expires: April 25, 2009 TARI Expires: June 7, 2009 TARI
R. Lopez R. Lopez
Univ. of Murcia Univ. of Murcia
October 22, 2008 December 4, 2008
State Machines for Protocol for Carrying Authentication for Network State Machines for Protocol for Carrying Authentication for Network
Access (PANA) Access (PANA)
draft-ietf-pana-statemachine-07 draft-ietf-pana-statemachine-08
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 37 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 25, 2009. This Internet-Draft will expire on June 7, 2009.
Abstract Abstract
This document defines the conceptual state machines for the Protocol This document defines the conceptual state machines for the Protocol
for Carrying Authentication for Network Access (PANA). The state for Carrying Authentication for Network Access (PANA). The state
machines consist of the PANA Client (PaC) state machine and the PANA machines consist of the PANA Client (PaC) state machine and the PANA
Authentication Agent (PAA) state machine. The two state machines Authentication Agent (PAA) state machine. The two state machines
show how PANA can interface with the EAP state machines. The state show how PANA can interface with the EAP state machines. The state
machines and associated model are informative only. Implementations machines and associated model are informative only. Implementations
may achieve the same results using different methods. may achieve the same results using different methods.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
2. Interface Between PANA and EAP . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Document Authority . . . . . . . . . . . . . . . . . . . . . . 7 3. Interface Between PANA and EAP . . . . . . . . . . . . . . . . 7
4. Notations . . . . . . . . . . . . . . . . . . . . . . . . . . 8 4. Document Authority . . . . . . . . . . . . . . . . . . . . . . 9
5. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . . 10 5. Notations . . . . . . . . . . . . . . . . . . . . . . . . . . 10
5.1. Common Procedures . . . . . . . . . . . . . . . . . . . . 10 6. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . . 12
5.2. Common Variables . . . . . . . . . . . . . . . . . . . . . 12 6.1. Common Procedures . . . . . . . . . . . . . . . . . . . . 12
5.3. Constants . . . . . . . . . . . . . . . . . . . . . . . . 14 6.2. Common Variables . . . . . . . . . . . . . . . . . . . . . 14
5.4. Common Message Initialization Rules . . . . . . . . . . . 14 6.3. Constants . . . . . . . . . . . . . . . . . . . . . . . . 16
5.5. Common Retransmition Rules . . . . . . . . . . . . . . . . 14 6.4. Common Message Initialization Rules . . . . . . . . . . . 16
5.6. Common State Transitions . . . . . . . . . . . . . . . . . 14 6.5. Common Retransmition Rules . . . . . . . . . . . . . . . . 16
6. PaC State Machine . . . . . . . . . . . . . . . . . . . . . . 16 6.6. Common State Transitions . . . . . . . . . . . . . . . . . 16
6.1. Interface between PaC and EAP Peer . . . . . . . . . . . . 16 7. PaC State Machine . . . . . . . . . . . . . . . . . . . . . . 18
6.1.1. Delivering EAP Messages from PaC to EAP Peer . . . . . 16 7.1. Interface between PaC and EAP Peer . . . . . . . . . . . . 18
6.1.2. Delivering EAP Messages from EAP Peer to PaC . . . . . 16 7.1.1. Delivering EAP Messages from PaC to EAP Peer . . . . . 18
6.1.3. EAP Restart Notification from PaC to EAP Peer . . . . 16 7.1.2. Delivering EAP Messages from EAP Peer to PaC . . . . . 18
6.1.4. EAP Authentication Result Notification from EAP 7.1.3. EAP Restart Notification from PaC to EAP Peer . . . . 18
Peer to PaC . . . . . . . . . . . . . . . . . . . . . 17
6.1.5. Alternate Failure Notification from PaC to EAP Peer . 17
6.2. Constants . . . . . . . . . . . . . . . . . . . . . . . . 17
6.3. Variables . . . . . . . . . . . . . . . . . . . . . . . . 17
6.4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 18
6.5. PaC State Transition Table . . . . . . . . . . . . . . . . 18
7. PAA State Machine . . . . . . . . . . . . . . . . . . . . . . 24
7.1. Interface between PAA and EAP Authenticator . . . . . . . 24
7.1.1. EAP Restart Notification from PAA to EAP
Authenticator . . . . . . . . . . . . . . . . . . . . 24
7.1.2. Delivering EAP Responses from PAA to EAP
Authenticator . . . . . . . . . . . . . . . . . . . . 24
7.1.3. Delivering EAP Messages from EAP Authenticator to
PAA . . . . . . . . . . . . . . . . . . . . . . . . . 24
7.1.4. EAP Authentication Result Notification from EAP 7.1.4. EAP Authentication Result Notification from EAP
Authenticator to PAA . . . . . . . . . . . . . . . . . 24 Peer to PaC . . . . . . . . . . . . . . . . . . . . . 19
7.2. Variables . . . . . . . . . . . . . . . . . . . . . . . . 25 7.1.5. Alternate Failure Notification from PaC to EAP Peer . 19
7.3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 26 7.2. Constants . . . . . . . . . . . . . . . . . . . . . . . . 19
7.4. PAA State Transition Table . . . . . . . . . . . . . . . . 26 7.3. Variables . . . . . . . . . . . . . . . . . . . . . . . . 19
8. Implementation Considerations . . . . . . . . . . . . . . . . 31 7.4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 20
8.1. PAA and PaC Interface to Service Management Entity . . . . 31 7.5. PaC State Transition Table . . . . . . . . . . . . . . . . 20
9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 8. PAA State Machine . . . . . . . . . . . . . . . . . . . . . . 26
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 8.1. Interface between PAA and EAP Authenticator . . . . . . . 26
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 34 8.1.1. EAP Restart Notification from PAA to EAP
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Authenticator . . . . . . . . . . . . . . . . . . . . 26
12.1. Normative References . . . . . . . . . . . . . . . . . . . 35 8.1.2. Delivering EAP Responses from PAA to EAP
12.2. Informative References . . . . . . . . . . . . . . . . . . 35 Authenticator . . . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36 8.1.3. Delivering EAP Messages from EAP Authenticator to
Intellectual Property and Copyright Statements . . . . . . . . . . 37 PAA . . . . . . . . . . . . . . . . . . . . . . . . . 26
8.1.4. EAP Authentication Result Notification from EAP
Authenticator to PAA . . . . . . . . . . . . . . . . . 26
8.2. Variables . . . . . . . . . . . . . . . . . . . . . . . . 27
8.3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 28
8.4. PAA State Transition Table . . . . . . . . . . . . . . . . 28
9. Implementation Considerations . . . . . . . . . . . . . . . . 33
9.1. PAA and PaC Interface to Service Management Entity . . . . 33
10. Security Considerations . . . . . . . . . . . . . . . . . . . 34
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37
13.1. Normative References . . . . . . . . . . . . . . . . . . . 37
13.2. Informative References . . . . . . . . . . . . . . . . . . 37
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 38
Intellectual Property and Copyright Statements . . . . . . . . . . 39
1. Introduction 1. Introduction
This document defines the state machines for Protocol Carrying This document defines the state machines for Protocol Carrying
Authentication for Network Access (PANA) [RFC5191]. There are state Authentication for Network Access (PANA) [RFC5191]. There are state
machines for the PANA client (PaC) and for the PANA Authentication machines for the PANA client (PaC) and for the PANA Authentication
Agent (PAA). Each state machine is specified through a set of Agent (PAA). Each state machine is specified through a set of
variables, procedures and a state transition table. variables, procedures and a state transition table.
A PANA protocol execution consists of several exchanges to carry A PANA protocol execution consists of several exchanges to carry
skipping to change at page 5, line 5 skipping to change at page 6, line 5
The details of EAP state machines are out of the scope of this The details of EAP state machines are out of the scope of this
document. Additional information can be found in [RFC4137]. document. Additional information can be found in [RFC4137].
Nevertheless PANA state machines presented here have been coordinated Nevertheless PANA state machines presented here have been coordinated
with state machines shown by [RFC4137]. with state machines shown by [RFC4137].
This document, apart from defining PaC and PAA state machines and This document, apart from defining PaC and PAA state machines and
their interfaces to EAP state machines (running on top of PANA), their interfaces to EAP state machines (running on top of PANA),
provides some implementation considerations, taking into account that provides some implementation considerations, taking into account that
it is not a specification but an implementation guideline. it is not a specification but an implementation guideline.
2. Interface Between PANA and EAP 2. Terminology
This document reuses the terminology used in [RFC5191].
3. Interface Between PANA and EAP
PANA carries EAP messages exchanged between an EAP peer and an EAP PANA carries EAP messages exchanged between an EAP peer and an EAP
authenticator (see Figure 1). Thus a PANA state machine interacts authenticator (see Figure 1). Thus a PANA state machine interacts
with an EAP state machine. with an EAP state machine.
Two state machines are defined in this document : the PaC state Two state machines are defined in this document : the PaC state
machine (see Section 6) and the PAA state machine (see Section 7). machine (see Section 7) and the PAA state machine (see Section 8).
The definition of each state machine consists of a set of variables, The definition of each state machine consists of a set of variables,
procedures and a state transition table. A subset of these variables procedures and a state transition table. A subset of these variables
and procedures defines the interface between a PANA state machine and and procedures defines the interface between a PANA state machine and
an EAP state machine and the state transition table defines the PANA an EAP state machine and the state transition table defines the PANA
state machine behavior based on results obtained through them. state machine behavior based on results obtained through them.
On the one hand, the PaC state machine interacts with an EAP peer On the one hand, the PaC state machine interacts with an EAP peer
state machine in order to carry out the PANA protocol on the PaC state machine in order to carry out the PANA protocol on the PaC
side. On the other hand, the PAA state machine interacts with an EAP side. On the other hand, the PAA state machine interacts with an EAP
authenticator state machine to run the PANA protocol on the PAA side. authenticator state machine to run the PANA protocol on the PAA side.
skipping to change at page 7, line 5 skipping to change at page 9, line 5
and only the first three interfaces are of interest to PANA. The and only the first three interfaces are of interest to PANA. The
second and third interfaces are the same. In this regard, the EAP second and third interfaces are the same. In this regard, the EAP
standalone authenticator or the EAP full authenticator and its state standalone authenticator or the EAP full authenticator and its state
machine in [RFC4137] are referred to as the EAP authenticator and the machine in [RFC4137] are referred to as the EAP authenticator and the
EAP authenticator state machine, respectively, in this document. If EAP authenticator state machine, respectively, in this document. If
an EAP peer and an EAP authenticator follow the state machines an EAP peer and an EAP authenticator follow the state machines
defined in [RFC4137], the interfaces between PANA and EAP could be defined in [RFC4137], the interfaces between PANA and EAP could be
based on that document. Detailed definition of interfaces between based on that document. Detailed definition of interfaces between
PANA and EAP are described in the subsequent sections. PANA and EAP are described in the subsequent sections.
3. Document Authority 4. Document Authority
When a discrepancy occurs between any part of this document and any When a discrepancy occurs between any part of this document and any
of the related documents ([RFC5191], [RFC4137] the latter (the other of the related documents ([RFC5191], [RFC4137] the latter (the other
documents) are considered authoritative and takes precedence. documents) are considered authoritative and takes precedence.
4. Notations 5. Notations
The following state transition tables are completed mostly based on The following state transition tables are completed mostly based on
the conventions specified in [RFC4137]. The complete text is the conventions specified in [RFC4137]. The complete text is
described below. described below.
State transition tables are used to represent the operation of the State transition tables are used to represent the operation of the
protocol by a number of cooperating state machines each comprising a protocol by a number of cooperating state machines each comprising a
group of connected, mutually exclusive states. Only one state of group of connected, mutually exclusive states. Only one state of
each machine can be active at any given time. each machine can be active at any given time.
skipping to change at page 10, line 5 skipping to change at page 12, line 5
(including exit conditions defined for the wildcard state) are (including exit conditions defined for the wildcard state) are
evaluated until an exit condition for that state is met. evaluated until an exit condition for that state is met.
Any event variable is set to TRUE when the corresponding event occurs Any event variable is set to TRUE when the corresponding event occurs
and set to FALSE immediately after completion of the action and set to FALSE immediately after completion of the action
associated with the current state and the event. associated with the current state and the event.
The interpretation of the special symbols and operators used is The interpretation of the special symbols and operators used is
defined in [RFC4137]. defined in [RFC4137].
5. Common Rules 6. Common Rules
There are following procedures, variables, message initializing rules There are following procedures, variables, message initializing rules
and state transitions that are common to both the PaC and PAA state and state transitions that are common to both the PaC and PAA state
machines. machines.
Throughout this document, the character string "PANA_MESSAGE_NAME" Throughout this document, the character string "PANA_MESSAGE_NAME"
matches any one of the abbreviated PANA message names, i.e., "PCI", matches any one of the abbreviated PANA message names, i.e., "PCI",
"PAR", "PAN", "PTR", "PTA", "PNR", "PNA". "PAR", "PAN", "PTR", "PTA", "PNR", "PNA".
5.1. Common Procedures 6.1. Common Procedures
void None() void None()
A null procedure, i.e., nothing is done. A null procedure, i.e., nothing is done.
void Disconnect() void Disconnect()
A procedure to delete the PANA session as well as the A procedure to delete the PANA session as well as the
corresponding EAP session and authorization state. corresponding EAP session and authorization state.
skipping to change at page 10, line 39 skipping to change at page 12, line 39
TRUE if authorization is successful. Otherwise, it returns FALSE. TRUE if authorization is successful. Otherwise, it returns FALSE.
It is assumed that Authorize() procedure of PaC state machine It is assumed that Authorize() procedure of PaC state machine
always returns TRUE. In the case that a non-key-generating EAP always returns TRUE. In the case that a non-key-generating EAP
method is used but a PANA SA is required after successful method is used but a PANA SA is required after successful
authentication (generate_pana_sa() returns TRUE), Authorize() authentication (generate_pana_sa() returns TRUE), Authorize()
procedure must return FALSE. procedure must return FALSE.
void Tx:PANA_MESSAGE_NAME[flag](AVPs) void Tx:PANA_MESSAGE_NAME[flag](AVPs)
A procedure to send a PANA message to its peering PANA entity. A procedure to send a PANA message to its peering PANA entity.
The "flag" argment contains a flag (e.g., Tx:PAR[C]) to be set to The "flag" argument contains a flag (e.g., Tx:PAR[C]) to be set to
the message, except for 'R' (Request) flag. The "AVPs" contains a the message, except for 'R' (Request) flag. The "AVPs" contains a
list of names of optional AVPs to be inserted in the message, list of names of optional AVPs to be inserted in the message,
except for AUTH AVP. except for AUTH AVP.
This procedure includes the following action before actual This procedure includes the following action before actual
transmission: transmission:
if (flag==S) if (flag==S)
PANA_MESSAGE_NAME.S_flag=Set; PANA_MESSAGE_NAME.S_flag=Set;
if (flag==C) if (flag==C)
PANA_MESSAGE_NAME.C_flag=Set; PANA_MESSAGE_NAME.C_flag=Set;
if (flag==A) if (flag==A)
PANA_MESSAGE_NAME.A_flag=Set; PANA_MESSAGE_NAME.A_flag=Set;
if (flag==P) if (flag==P)
PANA_MESSAGE_NAME.P_flag=Set; PANA_MESSAGE_NAME.P_flag=Set;
PANA_MESSAGE_NAME.insert_avp(AVPs); PANA_MESSAGE_NAME.insert_avp(AVPs);
if (key_availble()) if (key_available())
PANA_MESSAGE_NANE.insert_avp("AUTH"); PANA_MESSAGE_NANE.insert_avp("AUTH");
void TxEAP() void TxEAP()
A procedure to send an EAP message to the EAP state machine it A procedure to send an EAP message to the EAP state machine it
interfaces to. interfaces to.
void RtxTimerStart() void RtxTimerStart()
A procedure to start the retransmission timer, reset RTX_COUNTER A procedure to start the retransmission timer, reset RTX_COUNTER
skipping to change at page 12, line 34 skipping to change at page 14, line 34
PAA in PAR[S] message. For the PAA, it is used to indicate PAA in PAR[S] message. For the PAA, it is used to indicate
whether a PRF and Integrity algorithm AVPs will be sent in the whether a PRF and Integrity algorithm AVPs will be sent in the
PAR[S]. This procedure will return true if a PANA SA will be PAR[S]. This procedure will return true if a PANA SA will be
generated. Otherwise, it returns FALSE. generated. Otherwise, it returns FALSE.
boolean key_available() boolean key_available()
A procedure to check whether the PANA session has a PANA_AUTH_KEY. A procedure to check whether the PANA session has a PANA_AUTH_KEY.
If the state machine already has a PANA_AUTH_KEY, it returns TRUE. If the state machine already has a PANA_AUTH_KEY, it returns TRUE.
If the state machine does not have a PANA_AUTH_KEY, it tries to If the state machine does not have a PANA_AUTH_KEY, it tries to
retrieve a AAA-Key from the EAP entity. If a AAA-Key is retrieve an MSK from the EAP entity. If an MSK is retrieved, it
retrieved, it computes a PANA_AUTH_KEY from the AAA-Key and computes a PANA_AUTH_KEY from the MSK and returns TRUE.
returns TRUE. Otherwise, it returns FALSE. Otherwise, it returns FALSE.
5.2. Common Variables 6.2. Common Variables
PAR.RESULT_CODE PAR.RESULT_CODE
This variable contains the Result-Code AVP value in the PANA-Auth- This variable contains the Result-Code AVP value in the PANA-Auth-
Request message in process. When this variable carries Request message in process. When this variable carries
PANA_SUCCESS it is assumed that the PAR message always contains an PANA_SUCCESS it is assumed that the PAR message always contains an
EAP-Payload AVP which carries an EAP-Success message. EAP-Payload AVP which carries an EAP-Success message.
NONCE_SENT NONCE_SENT
skipping to change at page 14, line 9 skipping to change at page 16, line 9
Session-Lifetime AVP if present in the last PANA-Auth-Request Session-Lifetime AVP if present in the last PANA-Auth-Request
message in the case of the PaC. Otherwise, it is assumed that the message in the case of the PaC. Otherwise, it is assumed that the
value is infinite and therefore has no expiration. Expiration of value is infinite and therefore has no expiration. Expiration of
LIFETIME_SESS_TIMEOUT will cause the event variable SESS_TIMEOUT LIFETIME_SESS_TIMEOUT will cause the event variable SESS_TIMEOUT
to be set. to be set.
ANY ANY
This event variable is set to TRUE when any event occurs. This event variable is set to TRUE when any event occurs.
5.3. Constants 6.3. Constants
RTX_MAX_NUM RTX_MAX_NUM
Configurable maximum for how many retransmissions should be Configurable maximum for how many retransmissions should be
attempted before aborting. attempted before aborting.
5.4. Common Message Initialization Rules 6.4. Common Message Initialization Rules
When a message is prepared for sending, it is initialized as follows: When a message is prepared for sending, it is initialized as follows:
o For a request message, R-flag of the header is set. Otherwise, o For a request message, R-flag of the header is set. Otherwise,
R-flag is not set. R-flag is not set.
o Other message header flags are not set. They are set explicitly o Other message header flags are not set. They are set explicitly
by specific state machine actions. by specific state machine actions.
o AVPs that are mandatory included in a message are inserted with o AVPs that are mandatory included in a message are inserted with
appropriate values set. appropriate values set.
5.5. Common Retransmition Rules 6.5. Common Retransmition Rules
The state machines defined in this document assumes that the PaC and The state machines defined in this document assumes that the PaC and
the PAA caches the last transmitted answer message. This scheme is the PAA caches the last transmitted answer message. This scheme is
described in Sec 5.2 of [RFC5191]. When the PaC or PAA receives a described in Sec 5.2 of [RFC5191]. When the PaC or PAA receives a
re-transmitted or duplicate request, it would be able to re-send the re-transmitted or duplicate request, it would be able to re-send the
corresponding answer without any aid from the EAP layer. However, to corresponding answer without any aid from the EAP layer. However, to
simplify the state machine description, this caching scheme is simplify the state machine description, this caching scheme is
omitted in the state machines below. In the case that there is not omitted in the state machines below. In the case that there is not
corresponding answer to a re-transmitted request, the request will be corresponding answer to a re-transmitted request, the request will be
handled by the corresponding statemachine. handled by the corresponding statemachine.
5.6. Common State Transitions 6.6. Common State Transitions
The following transitions can occur at any state with exemptions The following transitions can occur at any state with exemptions
explicitly noted. explicitly noted.
---------- ----------
State: ANY State: ANY
---------- ----------
Exit Condition Exit Action Exit State Exit Condition Exit Action Exit State
------------------------+--------------------------+------------ ------------------------+--------------------------+------------
skipping to change at page 16, line 5 skipping to change at page 18, line 5
------------- -------------
State: CLOSED State: CLOSED
------------- -------------
Exit Condition Exit Action Exit State Exit Condition Exit Action Exit State
------------------------+--------------------------+------------ ------------------------+--------------------------+------------
- - - - - - - -(Catch all event on closed state) - - - - - - - - - - - - - - - -(Catch all event on closed state) - - - - - - - -
ANY None(); CLOSED ANY None(); CLOSED
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6. PaC State Machine 7. PaC State Machine
6.1. Interface between PaC and EAP Peer 7.1. Interface between PaC and EAP Peer
This interface defines the interactions between a PaC and an EAP This interface defines the interactions between a PaC and an EAP
peer. The interface serves as a mechanism to deliver EAP messages peer. The interface serves as a mechanism to deliver EAP messages
for the EAP peer. It allows the EAP peer to receive EAP requests and for the EAP peer. It allows the EAP peer to receive EAP requests and
send EAP responses via the PaC. It also provides a mechanism to send EAP responses via the PaC. It also provides a mechanism to
notify the EAP peer of PaC events and a mechanism to receive notify the EAP peer of PaC events and a mechanism to receive
notification of EAP peer events. The EAP message delivery mechanism notification of EAP peer events. The EAP message delivery mechanism
as well as the event notification mechanism in this interface have as well as the event notification mechanism in this interface have
direct correlation with the PaC state transition table entries. direct correlation with the PaC state transition table entries.
These message delivery and event notifications mechanisms occur only These message delivery and event notifications mechanisms occur only
within the context of their associated states or exit actions. within the context of their associated states or exit actions.
6.1.1. Delivering EAP Messages from PaC to EAP Peer 7.1.1. Delivering EAP Messages from PaC to EAP Peer
TxEAP() procedure in the PaC state machine serves as the mechanism to TxEAP() procedure in the PaC state machine serves as the mechanism to
deliver EAP messages contained in PANA-Auth-Request messages to the deliver EAP messages contained in PANA-Auth-Request messages to the
EAP peer. This procedure is enabled only after an EAP restart event EAP peer. This procedure is enabled only after an EAP restart event
is notified to the EAP peer and before any event resulting in a is notified to the EAP peer and before any event resulting in a
termination of the EAP peer session. In the case where the EAP peer termination of the EAP peer session. In the case where the EAP peer
follows the EAP peer state machine defined in [RFC4137], TxEAP() follows the EAP peer state machine defined in [RFC4137], TxEAP()
procedure sets eapReq variable of the EAP peer state machine and puts procedure sets eapReq variable of the EAP peer state machine and puts
the EAP request in eapReqData variable of the EAP peer state machine. the EAP request in eapReqData variable of the EAP peer state machine.
6.1.2. Delivering EAP Messages from EAP Peer to PaC 7.1.2. Delivering EAP Messages from EAP Peer to PaC
An EAP message is delivered from the EAP peer to the PaC via An EAP message is delivered from the EAP peer to the PaC via
EAP_RESPONSE event variable. The event variable is set when the EAP EAP_RESPONSE event variable. The event variable is set when the EAP
peer passes the EAP message to its lower-layer. In the case where peer passes the EAP message to its lower-layer. In the case where
the EAP peer follows the EAP peer state machine defined in [RFC4137], the EAP peer follows the EAP peer state machine defined in [RFC4137],
EAP_RESPONSE event variable refers to eapResp variable of the EAP EAP_RESPONSE event variable refers to eapResp variable of the EAP
peer state machine and the EAP message is contained in eapRespData peer state machine and the EAP message is contained in eapRespData
variable of the EAP peer state machine. variable of the EAP peer state machine.
6.1.3. EAP Restart Notification from PaC to EAP Peer 7.1.3. EAP Restart Notification from PaC to EAP Peer
The EAP peer state machine defined in [RFC4137] has an initialization The EAP peer state machine defined in [RFC4137] has an initialization
procedure before receiving an EAP message. To initialize the EAP procedure before receiving an EAP message. To initialize the EAP
state machine, the PaC state machine defines an event notification state machine, the PaC state machine defines an event notification
mechanism to send an EAP (re)start event to the EAP peer. The event mechanism to send an EAP (re)start event to the EAP peer. The event
notification is done via EAP_Restart() procedure in the notification is done via EAP_Restart() procedure in the
initialization action of the PaC state machine. initialization action of the PaC state machine.
6.1.4. EAP Authentication Result Notification from EAP Peer to PaC 7.1.4. EAP Authentication Result Notification from EAP Peer to PaC
In order for the EAP peer to notify the PaC of an EAP authentication In order for the EAP peer to notify the PaC of an EAP authentication
result, EAP_SUCCESS and EAP_FAILURE event variables are defined. In result, EAP_SUCCESS and EAP_FAILURE event variables are defined. In
the case where the EAP peer follows the EAP peer state machine the case where the EAP peer follows the EAP peer state machine
defined in [RFC4137], EAP_SUCCESS and EAP_FAILURE event variables defined in [RFC4137], EAP_SUCCESS and EAP_FAILURE event variables
refer to eapSuccess and eapFail variables of the EAP peer state refer to eapSuccess and eapFail variables of the EAP peer state
machine, respectively. In this case, if EAP_SUCCESS event variable machine, respectively. In this case, if EAP_SUCCESS event variable
is set to TRUE and a AAA-Key is generated by the EAP authentication is set to TRUE and an MSK is generated by the EAP authentication
method in use, eapKeyAvailable variable is set to TRUE and eapKeyData method in use, eapKeyAvailable variable is set to TRUE and eapKeyData
variable contains the AAA-Key. Note that EAP_SUCCESS and EAP_FAILURE variable contains the MSK. Note that EAP_SUCCESS and EAP_FAILURE
event variables may be set to TRUE even before the PaC receives a PAR event variables may be set to TRUE even before the PaC receives a PAR
with a 'Complete' flag set from the PAA. with a 'Complete' flag set from the PAA.
6.1.5. Alternate Failure Notification from PaC to EAP Peer 7.1.5. Alternate Failure Notification from PaC to EAP Peer
alt_reject() procedure in the PaC state machine serves as the alt_reject() procedure in the PaC state machine serves as the
mechanism to deliver an authentication failure event to the EAP peer mechanism to deliver an authentication failure event to the EAP peer
without accompanying an EAP message. In the case where the EAP peer without accompanying an EAP message. In the case where the EAP peer
follows the EAP peer state machine defined in [RFC4137], alt_reject() follows the EAP peer state machine defined in [RFC4137], alt_reject()
procedure sets altReject variable of the EAP peer state machine. procedure sets altReject variable of the EAP peer state machine.
Note that the EAP peer state machine in [RFC4137] also defines Note that the EAP peer state machine in [RFC4137] also defines
altAccept variable, however, it is never used in PANA in which EAP- altAccept variable, however, it is never used in PANA in which EAP-
Success messages are reliably delivered by the last PANA-Auth Success messages are reliably delivered by the last PANA-Auth
exchange. exchange.
6.2. Constants 7.2. Constants
FAILED_SESS_TIMEOUT FAILED_SESS_TIMEOUT
Configurable value that allows the PaC to determine whether a PaC Configurable value that allows the PaC to determine whether a PaC
authentication and authorization phase has stalled without an authentication and authorization phase has stalled without an
explicit EAP success or failure notification. explicit EAP success or failure notification.
6.3. Variables 7.3. Variables
AUTH_USER AUTH_USER
This event variable is set to TRUE when initiation of EAP-based This event variable is set to TRUE when initiation of EAP-based
(re-)authentication is triggered by the application. (re-)authentication is triggered by the application.
EAP_SUCCESS EAP_SUCCESS
This event variable is set to TRUE when the EAP peer determines This event variable is set to TRUE when the EAP peer determines
that EAP conversation completes with success. that EAP conversation completes with success.
skipping to change at page 18, line 24 skipping to change at page 20, line 24
received from the EAP peer. received from the EAP peer.
EAP_RESP_TIMEOUT EAP_RESP_TIMEOUT
This event variable is set to TRUE when the PaC that has passed an This event variable is set to TRUE when the PaC that has passed an
EAP message to the EAP-layer does not receive a subsequent EAP EAP message to the EAP-layer does not receive a subsequent EAP
message from the the EAP-layer in a given period. This provides a message from the the EAP-layer in a given period. This provides a
time limit for certain EAP methods where user interaction maybe time limit for certain EAP methods where user interaction maybe
required. required.
6.4. Procedures 7.4. Procedures
boolean eap_piggyback() boolean eap_piggyback()
This procedures returns TRUE to indicate whether the next EAP This procedures returns TRUE to indicate whether the next EAP
response will be carried in the pending PAN message for response will be carried in the pending PAN message for
optimization. optimization.
void alt_reject() void alt_reject()
This procedure informs the EAP peer of an authentication failure This procedure informs the EAP peer of an authentication failure
skipping to change at page 18, line 47 skipping to change at page 20, line 47
void EAP_RespTimerStart() void EAP_RespTimerStart()
A procedure to start a timer to receive an EAP-Response from the A procedure to start a timer to receive an EAP-Response from the
EAP peer. EAP peer.
void EAP_RespTimerStop() void EAP_RespTimerStop()
A procedure to stop a timer to receive an EAP-Response from the A procedure to stop a timer to receive an EAP-Response from the
EAP peer. EAP peer.
6.5. PaC State Transition Table 7.5. PaC State Transition Table
------------------------------ ------------------------------
State: INITIAL (Initial State) State: INITIAL (Initial State)
------------------------------ ------------------------------
Initialization Action: Initialization Action:
NONCE_SENT=Unset; NONCE_SENT=Unset;
RTX_COUNTER=0; RTX_COUNTER=0;
RtxTimerStop(); RtxTimerStop();
skipping to change at page 24, line 5 skipping to change at page 26, line 5
---------------- ----------------
State: SESS_TERM State: SESS_TERM
---------------- ----------------
Exit Condition Exit Action Exit State Exit Condition Exit Action Exit State
------------------------+--------------------------+------------ ------------------------+--------------------------+------------
- - - - - - - -(Session termination initiated by PaC) - - - - - - - - - - - - -(Session termination initiated by PaC) - - - - -
Rx:PTA[] Disconnect(); CLOSED Rx:PTA[] Disconnect(); CLOSED
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7. PAA State Machine 8. PAA State Machine
7.1. Interface between PAA and EAP Authenticator 8.1. Interface between PAA and EAP Authenticator
The interface between a PAA and an EAP authenticator provides a The interface between a PAA and an EAP authenticator provides a
mechanism to deliver EAP messages for the EAP authenticator as well mechanism to deliver EAP messages for the EAP authenticator as well
as a mechanism to notify the EAP authenticator of PAA events and to as a mechanism to notify the EAP authenticator of PAA events and to
receive notification of EAP authenticator events. These message receive notification of EAP authenticator events. These message
delivery and event notification mechanisms occur only within context delivery and event notification mechanisms occur only within context
of their associated states or exit actions. of their associated states or exit actions.
7.1.1. EAP Restart Notification from PAA to EAP Authenticator 8.1.1. EAP Restart Notification from PAA to EAP Authenticator
An EAP authenticator state machine defined in [RFC4137] has an An EAP authenticator state machine defined in [RFC4137] has an
initialization procedure before sending the first EAP request. To initialization procedure before sending the first EAP request. To
initialize the EAP state machine, the PAA state machine defines an initialize the EAP state machine, the PAA state machine defines an
event notification mechanism to send an EAP (re)start event to the event notification mechanism to send an EAP (re)start event to the
EAP peer. The event notification is done via EAP_Restart() procedure EAP authenticator. The event notification is done via EAP_Restart()
in the initialization action of the PAA state machine. procedure in the initialization action of the PAA state machine.
7.1.2. Delivering EAP Responses from PAA to EAP Authenticator 8.1.2. Delivering EAP Responses from PAA to EAP Authenticator
TxEAP() procedure in the PAA state machine serves as the mechanism to TxEAP() procedure in the PAA state machine serves as the mechanism to
deliver EAP-Responses contained in PANA-Auth-Answer messages to the deliver EAP-Responses contained in PANA-Auth-Answer messages to the
EAP authenticator. This procedure is enabled only after an EAP EAP authenticator. This procedure is enabled only after an EAP
restart event is notified to the EAP authenticator and before any restart event is notified to the EAP authenticator and before any
event resulting in a termination of the EAP authenticator session. event resulting in a termination of the EAP authenticator session.
In the case where the EAP authenticator follows the EAP authenticator In the case where the EAP authenticator follows the EAP authenticator
state machines defined in [RFC4137], TxEAP() procedure sets eapResp state machines defined in [RFC4137], TxEAP() procedure sets eapResp
variable of the EAP authenticator state machine and puts the EAP variable of the EAP authenticator state machine and puts the EAP
response in eapRespData variable of the EAP authenticator state response in eapRespData variable of the EAP authenticator state
machine. machine.
7.1.3. Delivering EAP Messages from EAP Authenticator to PAA 8.1.3. Delivering EAP Messages from EAP Authenticator to PAA
An EAP request is delivered from the EAP authenticator to the PAA via An EAP request is delivered from the EAP authenticator to the PAA via
EAP_REQUEST event variable. The event variable is set when the EAP EAP_REQUEST event variable. The event variable is set when the EAP
authenticator passes the EAP request to its lower-layer. In the case authenticator passes the EAP request to its lower-layer. In the case
where the EAP authenticator follows the EAP authenticator state where the EAP authenticator follows the EAP authenticator state
machines defined in [RFC4137], EAP_REQUEST event variable refers to machines defined in [RFC4137], EAP_REQUEST event variable refers to
eapReq variable of the EAP authenticator state machine and the EAP eapReq variable of the EAP authenticator state machine and the EAP
request is contained in eapReqData variable of the EAP authenticator request is contained in eapReqData variable of the EAP authenticator
state machine. state machine.
7.1.4. EAP Authentication Result Notification from EAP Authenticator to 8.1.4. EAP Authentication Result Notification from EAP Authenticator to
PAA PAA
In order for the EAP authenticator to notify the PAA of the EAP In order for the EAP authenticator to notify the PAA of the EAP
authentication result, EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event authentication result, EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event
variables are defined. In the case where the EAP authenticator variables are defined. In the case where the EAP authenticator
follows the EAP authenticator state machines defined in [RFC4137], follows the EAP authenticator state machines defined in [RFC4137],
EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event variables refer to EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event variables refer to
eapSuccess, eapFail and eapTimeout variables of the EAP authenticator eapSuccess, eapFail and eapTimeout variables of the EAP authenticator
state machine, respectively. In this case, if EAP_SUCCESS event state machine, respectively. In this case, if EAP_SUCCESS event
variable is set to TRUE, an EAP-Success message is contained in variable is set to TRUE, an EAP-Success message is contained in
eapReqData variable of the EAP authenticator state machine, and eapReqData variable of the EAP authenticator state machine, and
additionally, eapKeyAvailable variable is set to TRUE and eapKeyData additionally, eapKeyAvailable variable is set to TRUE and eapKeyData
variable contains a AAA-Key if the AAA-Key is generated as a result variable contains an MSK if the MSK is generated as a result of
of successful authentication by the EAP authentication method in use. successful authentication by the EAP authentication method in use.
Similarly, if EAP_FAILURE event variable is set to TRUE, an EAP- Similarly, if EAP_FAILURE event variable is set to TRUE, an EAP-
Failure message is contained in eapReqData variable of the EAP Failure message is contained in eapReqData variable of the EAP
authenticator state machine. The PAA uses EAP_SUCCESS, EAP_FAILURE authenticator state machine. The PAA uses EAP_SUCCESS, EAP_FAILURE
and EAP_TIMEOUT event variables as a trigger to send a PAR message to and EAP_TIMEOUT event variables as a trigger to send a PAR message to
the PaC. the PaC.
7.2. Variables 8.2. Variables
OPTIMIZED_INIT OPTIMIZED_INIT
This variable indicates whether the PAA is able to piggyback an This variable indicates whether the PAA is able to piggyback an
EAP-Request in the initial PANA-Auth-Request. Otherwise it is set EAP-Request in the initial PANA-Auth-Request. Otherwise it is set
to FALSE. to FALSE.
PAC_FOUND PAC_FOUND
This variable is set to TRUE as a result of a PAA initiated This variable is set to TRUE as a result of a PAA initiated
skipping to change at page 26, line 17 skipping to change at page 28, line 17
This event variable is set to TRUE when the EAP authenticator This event variable is set to TRUE when the EAP authenticator
delivers an EAP Request to the PAA. This event accompanies an delivers an EAP Request to the PAA. This event accompanies an
EAP-Request message received from the EAP authenticator. EAP-Request message received from the EAP authenticator.
EAP_TIMEOUT EAP_TIMEOUT
This event variable is set to TRUE when EAP conversation times out This event variable is set to TRUE when EAP conversation times out
without generating an EAP-Success or an EAP-Failure message. This without generating an EAP-Success or an EAP-Failure message. This
event does not accompany any EAP message. event does not accompany any EAP message.
7.3. Procedures 8.3. Procedures
boolean new_key_available() boolean new_key_available()
A procedure to check whether the PANA session has a new A procedure to check whether the PANA session has a new
PANA_AUTH_KEY. If the state machine already have a PANA_AUTH_KEY, PANA_AUTH_KEY. If the state machine already have a PANA_AUTH_KEY,
it returns FALSE. If the state machine does not have a it returns FALSE. If the state machine does not have a
PANA_AUTH_KEY, it tries to retrieve a AAA-Key from the EAP entity. PANA_AUTH_KEY, it tries to retrieve an MSK from the EAP entity.
If a AAA-Key has been retrieved, it computes a PANA_AUTH_KEY from If an MSK has been retrieved, it computes a PANA_AUTH_KEY from the
the AAA-Key and returns TRUE. Otherwise, it returns FALSE. MSK and returns TRUE. Otherwise, it returns FALSE.
7.4. PAA State Transition Table 8.4. PAA State Transition Table
------------------------------ ------------------------------
State: INITIAL (Initial State) State: INITIAL (Initial State)
------------------------------ ------------------------------
Initialization Action: Initialization Action:
OPTIMIZED_INIT=Set|Unset; OPTIMIZED_INIT=Set|Unset;
NONCE_SENT=Unset; NONCE_SENT=Unset;
RTX_COUNTER=0; RTX_COUNTER=0;
skipping to change at page 31, line 5 skipping to change at page 33, line 5
State: SESS_TERM State: SESS_TERM
---------------- ----------------
Exit Condition Exit Action Exit State Exit Condition Exit Action Exit State
------------------------+--------------------------+------------ ------------------------+--------------------------+------------
- - - - - - - - - - - - - -(PTA processing) - - - - - - - - - - - - - - - - - - - - - - - -(PTA processing) - - - - - - - - - -
Rx:PTA[] RtxTimerStop(); CLOSED Rx:PTA[] RtxTimerStop(); CLOSED
Disconnect(); Disconnect();
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
8. Implementation Considerations 9. Implementation Considerations
8.1. PAA and PaC Interface to Service Management Entity 9.1. PAA and PaC Interface to Service Management Entity
In general, it is assumed in each device that has a PANA protocol In general, it is assumed in each device that has a PANA protocol
stack that there is a Service Management Entity (SME) that manages stack that there is a Service Management Entity (SME) that manages
the PANA protocol stack. It is recommended that a generic interface the PANA protocol stack. It is recommended that a generic interface
(i.e., the SME-PANA interface) between the SME and the PANA protocol (i.e., the SME-PANA interface) between the SME and the PANA protocol
stack be provided by the implementation. Especially, common stack be provided by the implementation. Especially, common
procedures such as startup, shutdown, re-authenticate signals and procedures such as startup, shutdown, re-authenticate signals and
provisions for extracting keying material should be provided by such provisions for extracting keying material should be provided by such
an interface. The SME-PANA interface in a PAA device should also an interface. The SME-PANA interface in a PAA device should also
provide a method for communicating filtering parameters to the EP(s). provide a method for communicating filtering parameters to the EP(s).
When cryptographic filtering is used, the filtering parameters When cryptographic filtering is used, the filtering parameters
include keying material used for bootstrapping per-packet ciphering. include keying material used for bootstrapping per-packet ciphering.
When a PAA device interacts with the backend authentication server When a PAA device interacts with the backend authentication server
using a AAA protocol, its SME may also have an interface to the AAA using a AAA protocol, its SME may also have an interface to the AAA
protocol to obtain authorization parameters such as the authorization protocol to obtain authorization parameters such as the authorization
lifetime and additional filtering parameters. lifetime and additional filtering parameters.
9. Security Considerations 10. Security Considerations
This document's intent is to describe the PANA state machines fully. This document's intent is to describe the PANA state machines fully.
To this end, any security concerns with this document are likely a To this end, any security concerns with this document are likely a
reflection of security concerns with PANA itself. reflection of security concerns with PANA itself.
10. IANA Considerations 11. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
11. Acknowledgments 12. Acknowledgments
This work was started from state machines originally made by Dan This work was started from state machines originally made by Dan
Forsberg. Forsberg.
12. References 13. References
12.1. Normative References 13.1. Normative References
[RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. [RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A.
Yegin, "Protocol for Carrying Authentication for Network Yegin, "Protocol for Carrying Authentication for Network
Access (PANA)", RFC 5191, May 2008. Access (PANA)", RFC 5191, May 2008.
12.2. Informative References 13.2. Informative References
[RFC4137] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, [RFC4137] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba,
"State Machines for Extensible Authentication Protocol "State Machines for Extensible Authentication Protocol
(EAP) Peer and Authenticator", RFC 4137, August 2005. (EAP) Peer and Authenticator", RFC 4137, August 2005.
Authors' Addresses Authors' Addresses
Victor Fajardo (editor) Victor Fajardo (editor)
Toshiba America Research, Inc. Toshiba America Research, Inc.
1 Telcordia Drive 1 Telcordia Drive
 End of changes. 53 change blocks. 
102 lines changed or deleted 107 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/