idnits 2.17.1 draft-ietf-pana-statemachine-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 18. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 1289. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1300. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1307. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1313. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 4, 2008) is 5615 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'C' is mentioned on line 1112, but not defined == Missing Reference: 'S' is mentioned on line 1038, but not defined == Missing Reference: 'P' is mentioned on line 1154, but not defined == Missing Reference: 'A' is mentioned on line 1123, but not defined Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 PANA Working Group V. Fajardo, Ed. 3 Internet-Draft Y. Ohba 4 Expires: June 7, 2009 TARI 5 R. Lopez 6 Univ. of Murcia 7 December 4, 2008 9 State Machines for Protocol for Carrying Authentication for Network 10 Access (PANA) 11 draft-ietf-pana-statemachine-08 13 Status of this Memo 15 By submitting this Internet-Draft, each author represents that any 16 applicable patent or other IPR claims of which he or she is aware 17 have been or will be disclosed, and any of which he or she becomes 18 aware will be disclosed, in accordance with Section 6 of BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as Internet- 23 Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/ietf/1id-abstracts.txt. 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 This Internet-Draft will expire on June 7, 2009. 38 Abstract 40 This document defines the conceptual state machines for the Protocol 41 for Carrying Authentication for Network Access (PANA). The state 42 machines consist of the PANA Client (PaC) state machine and the PANA 43 Authentication Agent (PAA) state machine. The two state machines 44 show how PANA can interface with the EAP state machines. The state 45 machines and associated model are informative only. Implementations 46 may achieve the same results using different methods. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 51 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 52 3. Interface Between PANA and EAP . . . . . . . . . . . . . . . . 7 53 4. Document Authority . . . . . . . . . . . . . . . . . . . . . . 9 54 5. Notations . . . . . . . . . . . . . . . . . . . . . . . . . . 10 55 6. Common Rules . . . . . . . . . . . . . . . . . . . . . . . . . 12 56 6.1. Common Procedures . . . . . . . . . . . . . . . . . . . . 12 57 6.2. Common Variables . . . . . . . . . . . . . . . . . . . . . 14 58 6.3. Constants . . . . . . . . . . . . . . . . . . . . . . . . 16 59 6.4. Common Message Initialization Rules . . . . . . . . . . . 16 60 6.5. Common Retransmition Rules . . . . . . . . . . . . . . . . 16 61 6.6. Common State Transitions . . . . . . . . . . . . . . . . . 16 62 7. PaC State Machine . . . . . . . . . . . . . . . . . . . . . . 18 63 7.1. Interface between PaC and EAP Peer . . . . . . . . . . . . 18 64 7.1.1. Delivering EAP Messages from PaC to EAP Peer . . . . . 18 65 7.1.2. Delivering EAP Messages from EAP Peer to PaC . . . . . 18 66 7.1.3. EAP Restart Notification from PaC to EAP Peer . . . . 18 67 7.1.4. EAP Authentication Result Notification from EAP 68 Peer to PaC . . . . . . . . . . . . . . . . . . . . . 19 69 7.1.5. Alternate Failure Notification from PaC to EAP Peer . 19 70 7.2. Constants . . . . . . . . . . . . . . . . . . . . . . . . 19 71 7.3. Variables . . . . . . . . . . . . . . . . . . . . . . . . 19 72 7.4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 20 73 7.5. PaC State Transition Table . . . . . . . . . . . . . . . . 20 74 8. PAA State Machine . . . . . . . . . . . . . . . . . . . . . . 26 75 8.1. Interface between PAA and EAP Authenticator . . . . . . . 26 76 8.1.1. EAP Restart Notification from PAA to EAP 77 Authenticator . . . . . . . . . . . . . . . . . . . . 26 78 8.1.2. Delivering EAP Responses from PAA to EAP 79 Authenticator . . . . . . . . . . . . . . . . . . . . 26 80 8.1.3. Delivering EAP Messages from EAP Authenticator to 81 PAA . . . . . . . . . . . . . . . . . . . . . . . . . 26 82 8.1.4. EAP Authentication Result Notification from EAP 83 Authenticator to PAA . . . . . . . . . . . . . . . . . 26 84 8.2. Variables . . . . . . . . . . . . . . . . . . . . . . . . 27 85 8.3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . 28 86 8.4. PAA State Transition Table . . . . . . . . . . . . . . . . 28 87 9. Implementation Considerations . . . . . . . . . . . . . . . . 33 88 9.1. PAA and PaC Interface to Service Management Entity . . . . 33 89 10. Security Considerations . . . . . . . . . . . . . . . . . . . 34 90 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 91 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 92 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37 93 13.1. Normative References . . . . . . . . . . . . . . . . . . . 37 94 13.2. Informative References . . . . . . . . . . . . . . . . . . 37 95 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 38 96 Intellectual Property and Copyright Statements . . . . . . . . . . 39 98 1. Introduction 100 This document defines the state machines for Protocol Carrying 101 Authentication for Network Access (PANA) [RFC5191]. There are state 102 machines for the PANA client (PaC) and for the PANA Authentication 103 Agent (PAA). Each state machine is specified through a set of 104 variables, procedures and a state transition table. 106 A PANA protocol execution consists of several exchanges to carry 107 authentication information. Specifically, EAP PDUs are transported 108 inside PANA PDUs between PaC and PAA, that is PANA represents a lower 109 layer for EAP protocol. Thus, a PANA state machine bases its 110 execution on an EAP state machine execution and vice versa. Thus 111 this document also shows for each of PaC and PAA an interface between 112 an EAP state machine and a PANA state machine and how this interface 113 allows to exchange information between them. Thanks to this 114 interface, a PANA state machine can be informed about several events 115 generated in an EAP state machine and make its execution conditional 116 to its events. 118 The details of EAP state machines are out of the scope of this 119 document. Additional information can be found in [RFC4137]. 120 Nevertheless PANA state machines presented here have been coordinated 121 with state machines shown by [RFC4137]. 123 This document, apart from defining PaC and PAA state machines and 124 their interfaces to EAP state machines (running on top of PANA), 125 provides some implementation considerations, taking into account that 126 it is not a specification but an implementation guideline. 128 2. Terminology 130 This document reuses the terminology used in [RFC5191]. 132 3. Interface Between PANA and EAP 134 PANA carries EAP messages exchanged between an EAP peer and an EAP 135 authenticator (see Figure 1). Thus a PANA state machine interacts 136 with an EAP state machine. 138 Two state machines are defined in this document : the PaC state 139 machine (see Section 7) and the PAA state machine (see Section 8). 140 The definition of each state machine consists of a set of variables, 141 procedures and a state transition table. A subset of these variables 142 and procedures defines the interface between a PANA state machine and 143 an EAP state machine and the state transition table defines the PANA 144 state machine behavior based on results obtained through them. 146 On the one hand, the PaC state machine interacts with an EAP peer 147 state machine in order to carry out the PANA protocol on the PaC 148 side. On the other hand, the PAA state machine interacts with an EAP 149 authenticator state machine to run the PANA protocol on the PAA side. 151 Peer |EAP Auth 152 EAP <---------|------------> EAP 153 ^ | | ^ | 154 | | | EAP-Message | | EAP-Message 155 EAP-Message | |EAP-Message | | | 156 | v |PANA | v 157 PaC <---------|------------> PAA 159 Figure 1: Interface between PANA and EAP 161 Thus two interfaces are needed between PANA state machines and EAP 162 state machines, namely: 164 o Interface between the PaC state machine and the EAP peer state 165 machine 167 o Interface between the PAA state machine and the EAP authenticator 168 state machine 170 In general, the PaC and PAA state machines present EAP messages to 171 the EAP peer and authenticator state machines through the interface, 172 respectively. The EAP peer and authenticator state machines process 173 these messages and sends EAP messages through the PaC and PAA state 174 machines that is responsible for actually transmitting this message, 175 respectively. 177 For example, [RFC4137] specifies four interfaces to lower layers: (i) 178 an interface between the EAP peer state machine and a lower layer, 179 (ii) an interface between the EAP standalone authenticator state 180 machine and a lower layer, (iii) an interface between the EAP full 181 authenticator state machine and a lower layer and (iv) an interface 182 between the EAP backend authenticator state machine and a lower 183 layer. In this document, the PANA protocol is the lower layer of EAP 184 and only the first three interfaces are of interest to PANA. The 185 second and third interfaces are the same. In this regard, the EAP 186 standalone authenticator or the EAP full authenticator and its state 187 machine in [RFC4137] are referred to as the EAP authenticator and the 188 EAP authenticator state machine, respectively, in this document. If 189 an EAP peer and an EAP authenticator follow the state machines 190 defined in [RFC4137], the interfaces between PANA and EAP could be 191 based on that document. Detailed definition of interfaces between 192 PANA and EAP are described in the subsequent sections. 194 4. Document Authority 196 When a discrepancy occurs between any part of this document and any 197 of the related documents ([RFC5191], [RFC4137] the latter (the other 198 documents) are considered authoritative and takes precedence. 200 5. Notations 202 The following state transition tables are completed mostly based on 203 the conventions specified in [RFC4137]. The complete text is 204 described below. 206 State transition tables are used to represent the operation of the 207 protocol by a number of cooperating state machines each comprising a 208 group of connected, mutually exclusive states. Only one state of 209 each machine can be active at any given time. 211 All permissible transitions from a given state to other states and 212 associated actions performed when the transitions occur are 213 represented by using triplets of (exit condition, exit action, exit 214 state). All conditions are expressions that evaluate to TRUE or 215 FALSE; if a condition evaluates to TRUE, then the condition is met. 216 A state "ANY" is a wildcard state that matches the current state in 217 each state machine. The exit conditions of a wildcard state are 218 evaluated after all other exit conditions of specific to the current 219 state are met. 221 On exit from a state, the exit actions defined for the state and the 222 exit condition are executed exactly once, in the order that they 223 appear on the page. (Note that the procedures defined in [RFC4137] 224 are executed on entry to a state, which is one major difference from 225 this document.) Each exit action is deemed to be atomic; i.e., 226 execution of an exit action completes before the next sequential exit 227 action starts to execute. No exit action execute outside of a state 228 block. The exit actions in only one state block execute at a time 229 even if the conditions for execution of state blocks in different 230 state machines are satisfied. All exit actions in an executing state 231 block complete execution before the transition to and execution of 232 any other state blocks. The execution of any state block appears to 233 be atomic with respect to the execution of any other state block and 234 the transition condition to that state from the previous state is 235 TRUE when execution commences. The order of execution of state 236 blocks in different state machines is undefined except as constrained 237 by their transition conditions. A variable that is set to a 238 particular value in a state block retains this value until a 239 subsequent state block executes an exit action that modifies the 240 value. 242 On completion of the transition from the previous state to the 243 current state, all exit conditions occurring during the current state 244 (including exit conditions defined for the wildcard state) are 245 evaluated until an exit condition for that state is met. 247 Any event variable is set to TRUE when the corresponding event occurs 248 and set to FALSE immediately after completion of the action 249 associated with the current state and the event. 251 The interpretation of the special symbols and operators used is 252 defined in [RFC4137]. 254 6. Common Rules 256 There are following procedures, variables, message initializing rules 257 and state transitions that are common to both the PaC and PAA state 258 machines. 260 Throughout this document, the character string "PANA_MESSAGE_NAME" 261 matches any one of the abbreviated PANA message names, i.e., "PCI", 262 "PAR", "PAN", "PTR", "PTA", "PNR", "PNA". 264 6.1. Common Procedures 266 void None() 268 A null procedure, i.e., nothing is done. 270 void Disconnect() 272 A procedure to delete the PANA session as well as the 273 corresponding EAP session and authorization state. 275 boolean Authorize() 277 A procedure to create or modify authorization state. It returns 278 TRUE if authorization is successful. Otherwise, it returns FALSE. 279 It is assumed that Authorize() procedure of PaC state machine 280 always returns TRUE. In the case that a non-key-generating EAP 281 method is used but a PANA SA is required after successful 282 authentication (generate_pana_sa() returns TRUE), Authorize() 283 procedure must return FALSE. 285 void Tx:PANA_MESSAGE_NAME[flag](AVPs) 287 A procedure to send a PANA message to its peering PANA entity. 288 The "flag" argument contains a flag (e.g., Tx:PAR[C]) to be set to 289 the message, except for 'R' (Request) flag. The "AVPs" contains a 290 list of names of optional AVPs to be inserted in the message, 291 except for AUTH AVP. 293 This procedure includes the following action before actual 294 transmission: 296 if (flag==S) 297 PANA_MESSAGE_NAME.S_flag=Set; 298 if (flag==C) 299 PANA_MESSAGE_NAME.C_flag=Set; 300 if (flag==A) 301 PANA_MESSAGE_NAME.A_flag=Set; 302 if (flag==P) 303 PANA_MESSAGE_NAME.P_flag=Set; 304 PANA_MESSAGE_NAME.insert_avp(AVPs); 305 if (key_available()) 306 PANA_MESSAGE_NANE.insert_avp("AUTH"); 308 void TxEAP() 310 A procedure to send an EAP message to the EAP state machine it 311 interfaces to. 313 void RtxTimerStart() 315 A procedure to start the retransmission timer, reset RTX_COUNTER 316 variable to zero and set an appropriate value to RTX_MAX_NUM 317 variable. 319 void RtxTimerStop() 321 A procedure to stop the retransmission timer. 323 void SessionTimerReStart(TIMEOUT) 325 A procedure to (re)start PANA session timer. TIMEOUT specifies 326 the expiration time associated of the session timer. Expiration 327 of TIMEOUT will trigger a SESS_TIMEOUT event. 329 void SessionTimerStop() 331 A procedure to stop the current PANA session timer. 333 void Retransmit() 335 A procedure to retransmit a PANA message and increment RTX_COUNTER 336 by one(1). 338 void EAP_Restart() 340 A procedure to (re)start an EAP conversation resulting in the re- 341 initialization of an existing EAP session. 343 void PANA_MESSAGE_NAME.insert_avp("AVP_NAME1", "AVP_NAME2",...) 345 A procedure to insert AVPs for each specified AVP name in the list 346 of AVP names in the PANA message. When an AVP name ends with "*", 347 zero, one or more AVPs are inserted, otherwise one AVP is 348 inserted. 350 boolean PANA_MESSAGE_NAME.exist_avp("AVP_NAME") 352 A procedure that checks whether an AVP of the specified AVP name 353 exists in the specified PANA message and returns TRUE if the 354 specified AVP is found, otherwise returns FALSE. 356 boolean generate_pana_sa() 358 A procedure to check whether the EAP method being used generates 359 keys and that a PANA SA will be established on successful 360 authentication. For the PaC, the procedure is also used to check 361 and match the PRF and Integrity algorithm AVPs advertised by the 362 PAA in PAR[S] message. For the PAA, it is used to indicate 363 whether a PRF and Integrity algorithm AVPs will be sent in the 364 PAR[S]. This procedure will return true if a PANA SA will be 365 generated. Otherwise, it returns FALSE. 367 boolean key_available() 369 A procedure to check whether the PANA session has a PANA_AUTH_KEY. 370 If the state machine already has a PANA_AUTH_KEY, it returns TRUE. 371 If the state machine does not have a PANA_AUTH_KEY, it tries to 372 retrieve an MSK from the EAP entity. If an MSK is retrieved, it 373 computes a PANA_AUTH_KEY from the MSK and returns TRUE. 374 Otherwise, it returns FALSE. 376 6.2. Common Variables 378 PAR.RESULT_CODE 380 This variable contains the Result-Code AVP value in the PANA-Auth- 381 Request message in process. When this variable carries 382 PANA_SUCCESS it is assumed that the PAR message always contains an 383 EAP-Payload AVP which carries an EAP-Success message. 385 NONCE_SENT 387 This variable is set to TRUE to indicate that a Nonce-AVP has 388 already been sent. Otherwise it is set to FALSE. 390 RTX_COUNTER 392 This variable contains the current number of retransmissions of 393 the outstanding PANA message. 395 Rx:PANA_MESSAGE_NAME[flag] 397 This event variable is set to TRUE when the specified PANA message 398 is received from its peering PANA entity. The "flag" contains a 399 flag (e.g., Rx:PAR[C]), except for 'R' (Request) flag. 401 RTX_TIMEOUT 403 This event variable is set to TRUE when the retransmission timer 404 is expired. 406 REAUTH 408 This event variable is set to TRUE when an initiation of re- 409 authentication phase is triggered. 411 TERMINATE 413 This event variable is set to TRUE when initiation of PANA session 414 termination is triggered. 416 PANA_PING 418 This event variable is set to TRUE when initiation of liveness 419 test based on PANA-Notification exchange is triggered. 421 SESS_TIMEOUT 423 This event is variable is set to TRUE when the session timer has 424 expired. 426 LIFETIME_SESS_TIMEOUT 428 Configurable value used by the PaC and PAA to close or disconnect 429 an established session in the access phase. This variable 430 indicates the expiration of the session and is set to the value of 431 Session-Lifetime AVP if present in the last PANA-Auth-Request 432 message in the case of the PaC. Otherwise, it is assumed that the 433 value is infinite and therefore has no expiration. Expiration of 434 LIFETIME_SESS_TIMEOUT will cause the event variable SESS_TIMEOUT 435 to be set. 437 ANY 439 This event variable is set to TRUE when any event occurs. 441 6.3. Constants 443 RTX_MAX_NUM 445 Configurable maximum for how many retransmissions should be 446 attempted before aborting. 448 6.4. Common Message Initialization Rules 450 When a message is prepared for sending, it is initialized as follows: 452 o For a request message, R-flag of the header is set. Otherwise, 453 R-flag is not set. 455 o Other message header flags are not set. They are set explicitly 456 by specific state machine actions. 458 o AVPs that are mandatory included in a message are inserted with 459 appropriate values set. 461 6.5. Common Retransmition Rules 463 The state machines defined in this document assumes that the PaC and 464 the PAA caches the last transmitted answer message. This scheme is 465 described in Sec 5.2 of [RFC5191]. When the PaC or PAA receives a 466 re-transmitted or duplicate request, it would be able to re-send the 467 corresponding answer without any aid from the EAP layer. However, to 468 simplify the state machine description, this caching scheme is 469 omitted in the state machines below. In the case that there is not 470 corresponding answer to a re-transmitted request, the request will be 471 handled by the corresponding statemachine. 473 6.6. Common State Transitions 475 The following transitions can occur at any state with exemptions 476 explicitly noted. 478 ---------- 479 State: ANY 480 ---------- 482 Exit Condition Exit Action Exit State 483 ------------------------+--------------------------+------------ 484 - - - - - - - - - - - - - (Re-transmissions)- - - - - - - - - - 485 RTX_TIMEOUT && Retransmit(); (no change) 486 RTX_COUNTER< 487 RTX_MAX_NUM 488 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 489 - - - - - - - (Reach maximum number of transmissions)- - - - - - 490 (RTX_TIMEOUT && Disconnect(); CLOSED 491 RTX_COUNTER>= 492 RTX_MAX_NUM) || 493 SESS_TIMEOUT 494 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 496 ------------------------- 497 State: ANY except INITIAL 498 ------------------------- 500 Exit Condition Exit Action Exit State 501 ------------------------+--------------------------+------------ 502 - - - - - - - - - - (liveness test initiated by peer)- - - - - - 503 Rx:PNR[P] Tx:PNA[P](); (no change) 505 The following transitions can occur on any exit condition within the 506 specified state. 508 ------------- 509 State: CLOSED 510 ------------- 512 Exit Condition Exit Action Exit State 513 ------------------------+--------------------------+------------ 514 - - - - - - - -(Catch all event on closed state) - - - - - - - - 515 ANY None(); CLOSED 516 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 518 7. PaC State Machine 520 7.1. Interface between PaC and EAP Peer 522 This interface defines the interactions between a PaC and an EAP 523 peer. The interface serves as a mechanism to deliver EAP messages 524 for the EAP peer. It allows the EAP peer to receive EAP requests and 525 send EAP responses via the PaC. It also provides a mechanism to 526 notify the EAP peer of PaC events and a mechanism to receive 527 notification of EAP peer events. The EAP message delivery mechanism 528 as well as the event notification mechanism in this interface have 529 direct correlation with the PaC state transition table entries. 530 These message delivery and event notifications mechanisms occur only 531 within the context of their associated states or exit actions. 533 7.1.1. Delivering EAP Messages from PaC to EAP Peer 535 TxEAP() procedure in the PaC state machine serves as the mechanism to 536 deliver EAP messages contained in PANA-Auth-Request messages to the 537 EAP peer. This procedure is enabled only after an EAP restart event 538 is notified to the EAP peer and before any event resulting in a 539 termination of the EAP peer session. In the case where the EAP peer 540 follows the EAP peer state machine defined in [RFC4137], TxEAP() 541 procedure sets eapReq variable of the EAP peer state machine and puts 542 the EAP request in eapReqData variable of the EAP peer state machine. 544 7.1.2. Delivering EAP Messages from EAP Peer to PaC 546 An EAP message is delivered from the EAP peer to the PaC via 547 EAP_RESPONSE event variable. The event variable is set when the EAP 548 peer passes the EAP message to its lower-layer. In the case where 549 the EAP peer follows the EAP peer state machine defined in [RFC4137], 550 EAP_RESPONSE event variable refers to eapResp variable of the EAP 551 peer state machine and the EAP message is contained in eapRespData 552 variable of the EAP peer state machine. 554 7.1.3. EAP Restart Notification from PaC to EAP Peer 556 The EAP peer state machine defined in [RFC4137] has an initialization 557 procedure before receiving an EAP message. To initialize the EAP 558 state machine, the PaC state machine defines an event notification 559 mechanism to send an EAP (re)start event to the EAP peer. The event 560 notification is done via EAP_Restart() procedure in the 561 initialization action of the PaC state machine. 563 7.1.4. EAP Authentication Result Notification from EAP Peer to PaC 565 In order for the EAP peer to notify the PaC of an EAP authentication 566 result, EAP_SUCCESS and EAP_FAILURE event variables are defined. In 567 the case where the EAP peer follows the EAP peer state machine 568 defined in [RFC4137], EAP_SUCCESS and EAP_FAILURE event variables 569 refer to eapSuccess and eapFail variables of the EAP peer state 570 machine, respectively. In this case, if EAP_SUCCESS event variable 571 is set to TRUE and an MSK is generated by the EAP authentication 572 method in use, eapKeyAvailable variable is set to TRUE and eapKeyData 573 variable contains the MSK. Note that EAP_SUCCESS and EAP_FAILURE 574 event variables may be set to TRUE even before the PaC receives a PAR 575 with a 'Complete' flag set from the PAA. 577 7.1.5. Alternate Failure Notification from PaC to EAP Peer 579 alt_reject() procedure in the PaC state machine serves as the 580 mechanism to deliver an authentication failure event to the EAP peer 581 without accompanying an EAP message. In the case where the EAP peer 582 follows the EAP peer state machine defined in [RFC4137], alt_reject() 583 procedure sets altReject variable of the EAP peer state machine. 584 Note that the EAP peer state machine in [RFC4137] also defines 585 altAccept variable, however, it is never used in PANA in which EAP- 586 Success messages are reliably delivered by the last PANA-Auth 587 exchange. 589 7.2. Constants 591 FAILED_SESS_TIMEOUT 593 Configurable value that allows the PaC to determine whether a PaC 594 authentication and authorization phase has stalled without an 595 explicit EAP success or failure notification. 597 7.3. Variables 599 AUTH_USER 601 This event variable is set to TRUE when initiation of EAP-based 602 (re-)authentication is triggered by the application. 604 EAP_SUCCESS 606 This event variable is set to TRUE when the EAP peer determines 607 that EAP conversation completes with success. 609 EAP_FAILURE 611 This event variable is set to TRUE when the EAP peer determines 612 that EAP conversation completes with failure. 614 EAP_RESPONSE 616 This event variable is set to TRUE when the EAP peer delivers an 617 EAP message to the PaC. This event accompanies an EAP message 618 received from the EAP peer. 620 EAP_RESP_TIMEOUT 622 This event variable is set to TRUE when the PaC that has passed an 623 EAP message to the EAP-layer does not receive a subsequent EAP 624 message from the the EAP-layer in a given period. This provides a 625 time limit for certain EAP methods where user interaction maybe 626 required. 628 7.4. Procedures 630 boolean eap_piggyback() 632 This procedures returns TRUE to indicate whether the next EAP 633 response will be carried in the pending PAN message for 634 optimization. 636 void alt_reject() 638 This procedure informs the EAP peer of an authentication failure 639 event without accompanying an EAP message. 641 void EAP_RespTimerStart() 643 A procedure to start a timer to receive an EAP-Response from the 644 EAP peer. 646 void EAP_RespTimerStop() 648 A procedure to stop a timer to receive an EAP-Response from the 649 EAP peer. 651 7.5. PaC State Transition Table 653 ------------------------------ 654 State: INITIAL (Initial State) 655 ------------------------------ 656 Initialization Action: 658 NONCE_SENT=Unset; 659 RTX_COUNTER=0; 660 RtxTimerStop(); 662 Exit Condition Exit Action Exit State 663 ------------------------+--------------------------+----------- 664 - - - - - - - - - - (PaC-initiated Handshake) - - - - - - - - - 665 AUTH_USER Tx:PCI[](); INITIAL 666 RtxTimerStart(); 667 SessionTimerReStart 668 (FAILED_SESS_TIMEOUT); 669 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 671 - - - - - - -(PAA-initiated Handshake, not optimized) - - - - - 672 Rx:PAR[S] && EAP_Restart(); WAIT_PAA 673 !PAR.exist_avp SessionTimerReStart 674 ("EAP-Payload") (FAILED_SESS_TIMEOUT); 675 if (generate_pana_sa()) 676 Tx:PAN[S]("PRF-Algorithm", 677 "Integrity-Algorithm"); 678 else 679 Tx:PAN[S](); 680 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 682 - - - - - - - -(PAA-initiated Handshake, optimized) - - - - - - 683 Rx:PAR[S] && EAP_Restart(); INITIAL 684 PAR.exist_avp TxEAP(); 685 ("EAP-Payload") && SessionTimerReStart 686 eap_piggyback() (FAILED_SESS_TIMEOUT); 688 Rx:PAR[S] && EAP_Restart(); WAIT_EAP_MSG 689 PAR.exist_avp TxEAP(); 690 ("EAP-Payload") && SessionTimerReStart 691 !eap_piggyback() (FAILED_SESS_TIMEOUT); 692 if (generate_pana_sa()) 693 Tx:PAN[S]("PRF-Algorithm", 694 "Integrity-Algorithm"); 695 else 696 Tx:PAN[S](); 698 EAP_RESPONSE if (generate_pana_sa()) WAIT_PAA 699 Tx:PAN[S]("EAP-Payload", 700 "PRF-Algorithm", 701 "Integrity-Algorithm"); 702 else 703 Tx:PAN[S]("EAP-Payload"); 705 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 707 --------------- 708 State: WAIT_PAA 709 --------------- 711 Exit Condition Exit Action Exit State 712 ------------------------+--------------------------+------------ 713 - - - - - - - - - - - - - - -(PAR-PAN exchange) - - - - - - - - 714 Rx:PAR[] && RtxTimerStop(); WAIT_EAP_MSG 715 !eap_piggyback() TxEAP(); 716 EAP_RespTimerStart(); 717 if (NONCE_SENT==Unset) { 718 NONCE_SENT=Set; 719 Tx:PAN[]("Nonce"); 720 } 721 else 722 Tx:PAN[](); 724 Rx:PAR[] && RtxTimerStop(); WAIT_EAP_MSG 725 eap_piggyback() TxEAP(); 726 EAP_RespTimerStart(); 728 Rx:PAN[] RtxTimerStop(); WAIT_PAA 730 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 731 - - - - - - - - - - - - - - -(PANA result) - - - - - - - - - - 732 Rx:PAR[C] && TxEAP(); WAIT_EAP_RESULT 733 PAR.RESULT_CODE== 734 PANA_SUCCESS 736 Rx:PAR[C] && if (PAR.exist_avp WAIT_EAP_RESULT_ 737 PAR.RESULT_CODE!= ("EAP-Payload")) CLOSE 738 PANA_SUCCESS TxEAP(); 739 else 740 alt_reject(); 741 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 743 ------------------- 744 State: WAIT_EAP_MSG 745 ------------------- 747 Exit Condition Exit Action Exit State 748 ------------------------+--------------------------+------------ 749 - - - - - - - - - - (Return PAN/PAR from EAP) - - - - - - - - - 750 EAP_RESPONSE && EAP_RespTimerStop() WAIT_PAA 751 eap_piggyback() if (NONCE_SENT==Unset) { 752 Tx:PAN[]("EAP-Payload", 753 "Nonce"); 754 NONCE_SENT=Set; 755 } 756 else 757 Tx:PAN[]("EAP-Payload"); 759 EAP_RESPONSE && EAP_RespTimerStop() WAIT_PAA 760 !eap_piggyback() Tx:PAR[]("EAP-Payload"); 761 RtxTimerStart(); 763 EAP_RESP_TIMEOUT && Tx:PAN[](); WAIT_PAA 764 eap_piggyback() 766 EAP_FAILURE SessionTimerStop(); CLOSED 767 Disconnect(); 768 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 770 ---------------------- 771 State: WAIT_EAP_RESULT 772 ---------------------- 774 Exit Condition Exit Action Exit State 775 ------------------------+--------------------------+------------ 776 - - - - - - - - - - - - - (EAP Result) - - - - - - - - - - - - - 777 EAP_SUCCESS if (PAR.exist_avp OPEN 778 ("Key-Id")) 779 Tx:PAN[C]("Key-Id"); 780 else 781 Tx:PAN[C](); 782 Authorize(); 783 SessionTimerReStart 784 (LIFETIME_SESS_TIMEOUT); 786 EAP_FAILURE Tx:PAN[C](); CLOSED 787 SessionTimerStop(); 788 Disconnect(); 789 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 791 ---------------------------- 792 State: WAIT_EAP_RESULT_CLOSE 793 ---------------------------- 795 Exit Condition Exit Action Exit State 796 ------------------------+--------------------------+------------ 797 - - - - - - - - - - - - - (EAP Result) - - - - - - - - - - - - - 798 EAP_SUCCESS || if (EAP_SUCCESS && CLOSED 799 EAP_FAILURE PAR.exist_avp("Key-Id")) 800 Tx:PAN[C]("Key-Id"); 802 else 803 Tx:PAN[C](); 804 SessionTimerStop(); 805 Disconnect(); 806 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 808 ----------- 809 State: OPEN 810 ----------- 812 Exit Condition Exit Action Exit State 813 ------------------------+--------------------------+------------ 814 - - - - - - - - - - (liveness test initiated by PaC)- - - - - - 815 PANA_PING Tx:PNR[P](); WAIT_PNA 816 RtxTimerStart(); 817 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 818 - - - - - - - - - (re-authentication initiated by PaC)- - - - - - 819 REAUTH NONCE_SENT=Unset; WAIT_PNA 820 Tx:PNR[A](); 821 RtxTimerStart(); 822 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 823 - - - - - - - - - (re-authentication initiated by PAA)- - - - - - 824 Rx:PAR[] EAP_RespTimerStart(); WAIT_EAP_MSG 825 TxEAP(); 826 if (!eap_piggyback()) 827 Tx:PAN[]("Nonce"); 828 else 829 NONCE_SENT=Unset; 830 SessionTimerReStart 831 (FAILED_SESS_TIMEOUT); 832 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 833 - - - - - - - -(Session termination initiated by PAA) - - - - - - 834 Rx:PTR[] Tx:PTA[](); CLOSED 835 SessionTimerStop(); 836 Disconnect(); 837 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 838 - - - - - - - -(Session termination initiated by PaC) - - - - - - 839 TERMINATE Tx:PTR[](); SESS_TERM 840 RtxTimerStart(); 841 SessionTimerStop(); 842 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 844 --------------- 845 State: WAIT_PNA 846 --------------- 848 Exit Condition Exit Action Exit State 849 ------------------------+--------------------------+------------ 850 - - - - - - - - -(re-authentication initiated by PaC) - - - - - 851 Rx:PNA[A] RtxTimerStop(); WAIT_PAA 852 SessionTimerReStart 853 (FAILED_SESS_TIMEOUT); 854 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 855 - - - - - - - - -(liveness test initiated by PaC) - - - - - - - 856 Rx:PNA[P] RtxTimerStop(); OPEN 857 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 859 ---------------- 860 State: SESS_TERM 861 ---------------- 863 Exit Condition Exit Action Exit State 864 ------------------------+--------------------------+------------ 865 - - - - - - - -(Session termination initiated by PaC) - - - - - 866 Rx:PTA[] Disconnect(); CLOSED 867 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 869 8. PAA State Machine 871 8.1. Interface between PAA and EAP Authenticator 873 The interface between a PAA and an EAP authenticator provides a 874 mechanism to deliver EAP messages for the EAP authenticator as well 875 as a mechanism to notify the EAP authenticator of PAA events and to 876 receive notification of EAP authenticator events. These message 877 delivery and event notification mechanisms occur only within context 878 of their associated states or exit actions. 880 8.1.1. EAP Restart Notification from PAA to EAP Authenticator 882 An EAP authenticator state machine defined in [RFC4137] has an 883 initialization procedure before sending the first EAP request. To 884 initialize the EAP state machine, the PAA state machine defines an 885 event notification mechanism to send an EAP (re)start event to the 886 EAP authenticator. The event notification is done via EAP_Restart() 887 procedure in the initialization action of the PAA state machine. 889 8.1.2. Delivering EAP Responses from PAA to EAP Authenticator 891 TxEAP() procedure in the PAA state machine serves as the mechanism to 892 deliver EAP-Responses contained in PANA-Auth-Answer messages to the 893 EAP authenticator. This procedure is enabled only after an EAP 894 restart event is notified to the EAP authenticator and before any 895 event resulting in a termination of the EAP authenticator session. 896 In the case where the EAP authenticator follows the EAP authenticator 897 state machines defined in [RFC4137], TxEAP() procedure sets eapResp 898 variable of the EAP authenticator state machine and puts the EAP 899 response in eapRespData variable of the EAP authenticator state 900 machine. 902 8.1.3. Delivering EAP Messages from EAP Authenticator to PAA 904 An EAP request is delivered from the EAP authenticator to the PAA via 905 EAP_REQUEST event variable. The event variable is set when the EAP 906 authenticator passes the EAP request to its lower-layer. In the case 907 where the EAP authenticator follows the EAP authenticator state 908 machines defined in [RFC4137], EAP_REQUEST event variable refers to 909 eapReq variable of the EAP authenticator state machine and the EAP 910 request is contained in eapReqData variable of the EAP authenticator 911 state machine. 913 8.1.4. EAP Authentication Result Notification from EAP Authenticator to 914 PAA 916 In order for the EAP authenticator to notify the PAA of the EAP 917 authentication result, EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event 918 variables are defined. In the case where the EAP authenticator 919 follows the EAP authenticator state machines defined in [RFC4137], 920 EAP_SUCCESS, EAP_FAILURE and EAP_TIMEOUT event variables refer to 921 eapSuccess, eapFail and eapTimeout variables of the EAP authenticator 922 state machine, respectively. In this case, if EAP_SUCCESS event 923 variable is set to TRUE, an EAP-Success message is contained in 924 eapReqData variable of the EAP authenticator state machine, and 925 additionally, eapKeyAvailable variable is set to TRUE and eapKeyData 926 variable contains an MSK if the MSK is generated as a result of 927 successful authentication by the EAP authentication method in use. 928 Similarly, if EAP_FAILURE event variable is set to TRUE, an EAP- 929 Failure message is contained in eapReqData variable of the EAP 930 authenticator state machine. The PAA uses EAP_SUCCESS, EAP_FAILURE 931 and EAP_TIMEOUT event variables as a trigger to send a PAR message to 932 the PaC. 934 8.2. Variables 936 OPTIMIZED_INIT 938 This variable indicates whether the PAA is able to piggyback an 939 EAP-Request in the initial PANA-Auth-Request. Otherwise it is set 940 to FALSE. 942 PAC_FOUND 944 This variable is set to TRUE as a result of a PAA initiated 945 handshake. 947 REAUTH_TIMEOUT 949 This event variable is set to TRUE to indicate that the PAA 950 initiates a re-authentication with the PaC. The re-authentication 951 timeout should be set to a value less than the session timeout 952 carried in the Session-Lifetime AVP if present. 954 EAP_SUCCESS 956 This event variable is set to TRUE when EAP conversation completes 957 with success. This event accompanies an EAP- Success message 958 passed from the EAP authenticator. 960 EAP_FAILURE 962 This event variable is set to TRUE when EAP conversation completes 963 with failure. This event accompanies an EAP- Failure message 964 passed from the EAP authenticator. 966 EAP_REQUEST 968 This event variable is set to TRUE when the EAP authenticator 969 delivers an EAP Request to the PAA. This event accompanies an 970 EAP-Request message received from the EAP authenticator. 972 EAP_TIMEOUT 974 This event variable is set to TRUE when EAP conversation times out 975 without generating an EAP-Success or an EAP-Failure message. This 976 event does not accompany any EAP message. 978 8.3. Procedures 980 boolean new_key_available() 982 A procedure to check whether the PANA session has a new 983 PANA_AUTH_KEY. If the state machine already have a PANA_AUTH_KEY, 984 it returns FALSE. If the state machine does not have a 985 PANA_AUTH_KEY, it tries to retrieve an MSK from the EAP entity. 986 If an MSK has been retrieved, it computes a PANA_AUTH_KEY from the 987 MSK and returns TRUE. Otherwise, it returns FALSE. 989 8.4. PAA State Transition Table 991 ------------------------------ 992 State: INITIAL (Initial State) 993 ------------------------------ 995 Initialization Action: 997 OPTIMIZED_INIT=Set|Unset; 998 NONCE_SENT=Unset; 999 RTX_COUNTER=0; 1000 RtxTimerStop(); 1002 Exit Condition Exit Action Exit State 1003 ------------------------+--------------------------+------------ 1004 - - - - - - - - (PCI and PAA initiated PANA) - - - - - - - - - 1005 (Rx:PCI[] || if (OPTIMIZED_INIT == INITIAL 1006 PAC_FOUND) Set) { 1007 EAP_Restart(); 1008 SessionTimerReStart 1009 (FAILED_SESS_TIMEOUT); 1010 } 1011 else { 1012 if (generate_pana_sa()) 1013 Tx:PAR[S]("PRF-Algorithm", 1014 "Integrity-Algorithm"); 1015 else 1016 Tx:PAR[S](); 1017 } 1019 EAP_REQUEST if (generate_pana_sa()) INITIAL 1020 Tx:PAR[S]("EAP-Payload", 1021 "PRF-Algorithm", 1022 "Integrity-Algorithm"); 1023 else 1024 Tx:PAR[S]("EAP-Payload"); 1025 RtxTimerStart(); 1026 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1028 - - - - - - - - - - - - - - (PAN Handling) - - - - - - - - - - 1029 Rx:PAN[S] && if (PAN.exist_avp WAIT_EAP_MSG 1030 ((OPTIMIZED_INIT == ("EAP-Payload")) 1031 Unset) || TxEAP(); 1032 PAN.exist_avp else { 1033 ("EAP-Payload")) EAP_Restart(); 1034 SessionTimerReStart 1035 (FAILED_SESS_TIMEOUT); 1036 } 1038 Rx:PAN[S] && None(); WAIT_PAN_OR_PAR 1039 (OPTIMIZED_INIT == 1040 Set) && 1041 ! PAN.exist_avp 1042 ("EAP-Payload") 1044 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1046 ------------------- 1047 State: WAIT_EAP_MSG 1048 ------------------- 1050 Exit Condition Exit Action Exit State 1051 ------------------------+--------------------------+------------ 1052 - - - - - - - - - - - -(Receiving EAP-Request)- - - - - - - - - 1053 EAP_REQUEST if (NONCE_SENT==Unset) { WAIT_PAN_OR_PAR 1054 Tx:PAR[]("Nonce", 1055 "EAP-Payload"); 1056 NONCE_SENT=Set; 1057 } 1058 else 1059 Tx:PAR[]("EAP-Payload"); 1060 RtxTimerStart(); 1061 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1062 - - - - - - - - - - -(Receiving EAP-Success/Failure) - - - - - 1063 EAP_FAILURE PAR.RESULT_CODE = WAIT_FAIL_PAN 1064 PANA_AUTHENTICATION_ 1065 REJECTED; 1066 Tx:PAR[C]("EAP-Payload"); 1067 RtxTimerStart(); 1068 SessionTimerStop(); 1070 EAP_SUCCESS && PAR.RESULT_CODE = WAIT_SUCC_PAN 1071 Authorize() PANA_SUCCESS; 1072 if (new_key_available()) 1073 Tx:PAR[C]("EAP-Payload", 1074 "Key-Id"); 1075 else 1076 Tx:PAR[C]("EAP-Payload"); 1077 RtxTimerStart(); 1079 EAP_SUCCESS && PAR.RESULT_CODE = WAIT_FAIL_PAN 1080 !Authorize() PANA_AUTHORIZATION_ 1081 REJECTED; 1082 if (new_key_available()) 1083 Tx:PAR[C]("EAP-Payload", 1084 "Key-Id"); 1085 else 1086 Tx:PAR[C]("EAP-Payload"); 1087 RtxTimerStart(); 1088 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1089 - - - - - (Receiving EAP-Timeout or invalid message) - - - - - 1090 EAP_TIMEOUT SessionTimerStop(); CLOSED 1091 Disconnect(); 1092 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1094 -------------------- 1095 State: WAIT_SUCC_PAN 1096 -------------------- 1098 Event/Condition Action Exit State 1099 ------------------------+--------------------------+------------ 1100 - - - - - - - - - - - - - (PAN Processing)- - - - - - - - - - - 1101 Rx:PAN[C] RtxTimerStop(); OPEN 1102 SessionTimerReStart 1103 (LIFETIME_SESS_TIMEOUT); 1104 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1106 -------------------- 1107 State: WAIT_FAIL_PAN 1108 -------------------- 1109 Exit Condition Exit Action Exit State 1110 ------------------------+--------------------------+------------ 1111 - - - - - - - - - - - - - - (PAN Processing)- - - - - - - - - - 1112 Rx:PAN[C] RtxTimerStop(); CLOSED 1113 Disconnect(); 1114 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1116 ----------- 1117 State: OPEN 1118 ----------- 1120 Event/Condition Action Exit State 1121 ------------------------+--------------------------+------------ 1122 - - - - - - - - (re-authentication initiated by PaC) - - - - - - 1123 Rx:PNR[A] NONCE_SENT=Unset; WAIT_EAP_MSG 1124 EAP_Restart(); 1125 Tx:PNA[A](); 1126 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1127 - - - - - - - - (re-authentication initiated by PAA)- - - - - - 1128 REAUTH || NONCE_SENT=Unset; WAIT_EAP_MSG 1129 REAUTH_TIMEOUT EAP_Restart(); 1131 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1132 - - (liveness test based on PNR-PNA exchange initiated by PAA)- 1133 PANA_PING Tx:PNR[P](); WAIT_PNA_PING 1134 RtxTimerStart(); 1135 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1136 - - - - - - - - (Session termination initated from PAA) - - - - 1137 TERMINATE Tx:PTR[](); SESS_TERM 1138 SessionTimerStop(); 1139 RtxTimerStart(); 1140 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1141 - - - - - - - - (Session termination initated from PaC) - - - - 1142 Rx:PTR[] Tx:PTA[](); CLOSED 1143 SessionTimerStop(); 1144 Disconnect(); 1145 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1147 -------------------- 1148 State: WAIT_PNA_PING 1149 -------------------- 1151 Exit Condition Exit Action Exit State 1152 ------------------------+--------------------------+------------ 1153 - - - - - - - - - - - - - -(PNA processing) - - - - - - - - - - 1154 Rx:PNA[P] RtxTimerStop(); OPEN 1155 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1156 ---------------------- 1157 State: WAIT_PAN_OR_PAR 1158 ---------------------- 1160 Exit Condition Exit Action Exit State 1161 ------------------------+--------------------------+------------ 1162 - - - - - - - - - - - - - (PAR Processing)- - - - - - - - - - - 1163 Rx:PAR[] TxEAP(); WAIT_EAP_MSG 1164 RtxTimerStop(); 1165 Tx:PAN[](); 1166 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1167 - - - - - - (Pass EAP Response to the EAP authenticator)- - - - 1168 Rx:PAN[] && TxEAP(); WAIT_EAP_MSG 1169 PAN.exist_avp RtxTimerStop(); 1170 ("EAP-Payload") 1171 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1172 - - - - - - - - - - (PAN without an EAP response) - - - - - - - 1173 Rx:PAN[] && RtxTimerStop(); WAIT_PAN_OR_PAR 1174 !PAN.exist_avp 1175 ("EAP-Payload") 1176 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1177 - - - - - - - - - - - -(EAP retransmission) - - - - - - - - - - 1178 EAP_REQUEST RtxTimerStop(); WAIT_PAN_OR_PAR 1179 Tx:PAR[]("EAP-Payload"); 1180 RtxTimerStart(); 1181 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1182 - - - - - - - (EAP authentication timeout or failure)- - - - - 1183 EAP_FAILURE || RtxTimerStop(); CLOSED 1184 EAP_TIMEOUT SessionTimerStop(); 1185 Disconnect(); 1186 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1188 ---------------- 1189 State: SESS_TERM 1190 ---------------- 1192 Exit Condition Exit Action Exit State 1193 ------------------------+--------------------------+------------ 1194 - - - - - - - - - - - - - -(PTA processing) - - - - - - - - - - 1195 Rx:PTA[] RtxTimerStop(); CLOSED 1196 Disconnect(); 1197 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1199 9. Implementation Considerations 1201 9.1. PAA and PaC Interface to Service Management Entity 1203 In general, it is assumed in each device that has a PANA protocol 1204 stack that there is a Service Management Entity (SME) that manages 1205 the PANA protocol stack. It is recommended that a generic interface 1206 (i.e., the SME-PANA interface) between the SME and the PANA protocol 1207 stack be provided by the implementation. Especially, common 1208 procedures such as startup, shutdown, re-authenticate signals and 1209 provisions for extracting keying material should be provided by such 1210 an interface. The SME-PANA interface in a PAA device should also 1211 provide a method for communicating filtering parameters to the EP(s). 1212 When cryptographic filtering is used, the filtering parameters 1213 include keying material used for bootstrapping per-packet ciphering. 1214 When a PAA device interacts with the backend authentication server 1215 using a AAA protocol, its SME may also have an interface to the AAA 1216 protocol to obtain authorization parameters such as the authorization 1217 lifetime and additional filtering parameters. 1219 10. Security Considerations 1221 This document's intent is to describe the PANA state machines fully. 1222 To this end, any security concerns with this document are likely a 1223 reflection of security concerns with PANA itself. 1225 11. IANA Considerations 1227 This document has no actions for IANA. 1229 12. Acknowledgments 1231 This work was started from state machines originally made by Dan 1232 Forsberg. 1234 13. References 1236 13.1. Normative References 1238 [RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. 1239 Yegin, "Protocol for Carrying Authentication for Network 1240 Access (PANA)", RFC 5191, May 2008. 1242 13.2. Informative References 1244 [RFC4137] Vollbrecht, J., Eronen, P., Petroni, N., and Y. Ohba, 1245 "State Machines for Extensible Authentication Protocol 1246 (EAP) Peer and Authenticator", RFC 4137, August 2005. 1248 Authors' Addresses 1250 Victor Fajardo (editor) 1251 Toshiba America Research, Inc. 1252 1 Telcordia Drive 1253 Piscataway, NJ 08854 1254 USA 1256 Phone: +1 732 699 5368 1257 Email: vfajardo@tari.toshiba.com 1259 Yoshihiro Ohba 1260 Toshiba America Research, Inc. 1261 1 Telcordia Drive 1262 Piscataway, NJ 08854 1263 USA 1265 Phone: +1 732 699 5305 1266 Email: yohba@tari.toshiba.com 1268 Rafa Marin Lopez 1269 University of Murcia 1270 30071 Murcia 1271 Spain 1273 Email: rafa@dif.um.es 1275 Full Copyright Statement 1277 Copyright (C) The IETF Trust (2008). 1279 This document is subject to the rights, licenses and restrictions 1280 contained in BCP 78, and except as set forth therein, the authors 1281 retain all their rights. 1283 This document and the information contained herein are provided on an 1284 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1285 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 1286 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 1287 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 1288 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1289 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1291 Intellectual Property 1293 The IETF takes no position regarding the validity or scope of any 1294 Intellectual Property Rights or other rights that might be claimed to 1295 pertain to the implementation or use of the technology described in 1296 this document or the extent to which any license under such rights 1297 might or might not be available; nor does it represent that it has 1298 made any independent effort to identify any such rights. Information 1299 on the procedures with respect to rights in RFC documents can be 1300 found in BCP 78 and BCP 79. 1302 Copies of IPR disclosures made to the IETF Secretariat and any 1303 assurances of licenses to be made available, or the result of an 1304 attempt made to obtain a general license or permission for the use of 1305 such proprietary rights by implementers or users of this 1306 specification can be obtained from the IETF on-line IPR repository at 1307 http://www.ietf.org/ipr. 1309 The IETF invites any interested party to bring to its attention any 1310 copyrights, patents or patent applications, or other proprietary 1311 rights that may cover technology that may be required to implement 1312 this standard. Please address the information to the IETF at 1313 ietf-ipr@ietf.org.