Architectures have been implemented in the industry to assess the software or hardware configuration of endpoint devices for the purposes of monitoring or enforcing compliance of endpoints to an organization's policy for access to the network. These architectures are not fully interoperable since some of the protocols used to implement the architecture are not standards.

The first purpose of the proposed working group is to define requirements for the protocols needed to ensure interoperability in an NEA system. The second purpose of the working group is to ensure standardization of protocols that meet these requirements. In some cases, these protocols may best be standardized in another working group. Therefore, the proposed working group will work with the area directors to determine the best way to complete this standardization effort (in the proposed working group or in another one).

The scope of the initial charter is on the following protocols that support architectures for network endpoint assessment (as described in draft-thomson-nea-problem-statement-00.txt):

1. IF-PB (posture broker protocol)
2. IF-PT (EAP method suitable for carrying posture information as well as supporting authentication)
3. IF-PT (EAP over IP transport protocol)
4. IF-NAE (Radius attributes for network access enforcement)

Other interfaces that may be included in the charter at a later date include:

--- IF-PA (posture attribute protocol)
--- IF-SB (Protocol between server broker and posture server. Name of interface TBD in problem-statement I-D.)

Note that the initial scope of the WG targets architectures that use the EAP/Radius framework for IF-PT (posture transport interface) and IF-NAE (network access enforcement interface). This does not preclude the standardization of other posture transport protocols or network authorization protocols in the future, but this is not part of the initial charter.

Work will be carried out in two phases. In the first phase, the WG will define requirements for each of the protocols identified in 1) - 4) above. When the requirements have been defined, this WG will work with the responsible ADs to identify the appropriate WG for meeting these requirements.

Milestones:

June 2006:
* Submit requirements I-D to IETF including
  --- requirements for IF-PT (EAP method layer)
  --- requirements for IF-NAE

September 2006:
* Submit revised requirements I-D to IETF that includes above plus:
  --- requirements for IF-PT (EAP over IP transport layer, e.g. EAP over UDP, EAP over TLS)
  --- requirements for IF-PB

December 2006:
* Review ongoing work in IETF (e.g. EMU WG, Radext WG, PANA WG, NEA WG) and work with ADs to identify the WG responsible for accommodating protocol requirements that are not currently being met.

Feb 2007:
* Submit requirements I-D to IESG for publication as Info RFC
* Revise WG charter to accommodate definition of protocols not covered in other WGs, e.g. IF-PB
* Submit I-D on protocols to be defined in this WG, e.g. IF-PB specification