
January 2006

Slide 1

doc.: IEEE 802.11-06/0027r0

Submission

WiNOT Consortium: Proposal for online enrollment cluster

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http://ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <[email protected]> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <[email protected]>.

Date: 16th January 2006

Authors:

Name: S. Berg, W. Gröting
Company: BenQ
Address: Neutor 3-4, 46395 Bocholt, Germany
Phone: +49 2842 95 1781, +49 2842 95 2142
Email: [email protected]; [email protected]

Slide 2

WiNOT consortium

• This presentation is made on behalf of the WiNOT (Wireless NetwOrking Technology) consortium, comprising:
  – Intel
  – Nokia
  – Siemens
  – Panasonic
  – STMicroelectronics
  – Cingular
  – BenQ
  – T-Mobile

Slide 3

Abstract

This document is an initial proposal to address the requirements in the Online enrollment Cluster for 802.11 TGu.

Content:
- Proposal for R8E1
- Requirement Analysis for R8E2
- Proposal for R8E4
- Common solution for R8E1 & R8E4
- Analysis of general requirements
- Summary

Slide 4

Requirement R8E1

• “Define functionality by which the STA is able to determine what online enrollment methods are supported by the network”

• Notes: Some networks allow users to enroll “over the air” – for example, the Wi-Fi Alliance has defined such functionality based on browser capture, as part of the Universal Access Method (UAM) concept. The idea is to allow a STA to determine whether a network supports such functionality (and if so which one). If the network does not support enrollment, then the user must already be in possession of security credentials (e.g. as determined by the EAP method in use) unless the network provides open access.

Slide 5

Proposal for R8E1 – Functionality to determine online enrollment methods

Desired Functionality
• Indicate whether online enrollment is supported or not (Yes/No)
• In case “Yes” provide a list of online enrollment methods {EAP, UAM, …etc}
• In case “No” indicate whether enrollment is not allowed (private/company access) or not required (open/public access)

Possible Solution
• Use two capability bits in the broadcast beacon or in an extended capability information element
• Transport new information elements over management frames
  – Use existing management frames (e.g. Probe-Request/Response)
  – Define a new generic management frame

Slide 6

Requirement R8E2 (optional)

• “Define functionality for online enrollment”

• Notes: The only current widely adopted common online enrollment mechanism is the Wi-Fi Alliance’s Universal Access Mechanism (UAM) and this has many problems. For example it requires the user to start-up a browser (and users who are restricted to VLAN connections may be unable to do so), plus the initial connection must be unprotected, which makes it more difficult to switch on protection later.

Slide 7

Proposal for R8E2 – New functionality for online enrollment

Requirement Evaluation
• UAM method has two main problems:
  – Browser needs to be started to enter credentials
  – WLAN interface needs to boot in unprotected mode and has to restart using the received credentials, or stays in unprotected mode
  – BUT: UAM and other similar mechanisms are out of scope of TGu
• Possible solution: Use EAP based enrollment method (draft-mahy-eap-enrollment-00.txt)
  – BUT: Solution needs a new EAP method and the support of EAP TLS
  – BUT: Out of scope of TGu
• Possible solution: Use DHCP methods for configuration management
  – BUT: Solution needs to start WLAN interface in unprotected mode
  – BUT: Out of scope of TGu
• Possible solution: Modify 802.1x port based authentication
  – Could this be a possible way?
• Proposal: Since it’s optional, leave it open for the time being …

Slide 8

Requirement R8E4 (optional)

• “Functionality shall be provided by which APs can advertise (before connection) the charges that will be made for use of the network if a user enrolls with it”

• Notes: While in principle most people would like this to be possible, there are a significant number of people who doubt that a practical and consistent mechanism can be defined. For this reason the group has marked it as optional – they are open to proposals in this area.

Slide 9

Proposal for R8E4 – Advertisement of charges for network usage

Proposal:
• Indicate at least whether the use of the network is free of charge or not
• Q: Do we need an option – “We’re not saying!”?
• Use one capability bit in the broadcast beacon or in an extended capability information element

Other ideas for more detailed information on network charges:
• J. Caron: AAA cost advertisement extensions
  – draft-caron-aaa-cost-advertisement-00.txt
• W. Groeting: Network selection implementation results
  – draft-groeting-eap-netselection-results-00.txt
• K. Koora: Discussions on 802.21 IS Requirements
  – 21-05-0459-00-0000-Dec08_2005_Telecon_Meeting_Minutes.doc

Comment (groeting): If we need this option, then we cannot do the capability advertisement with only two bits

Slide 10

Common solution proposal for R8E1 and R8E4

Proposal:
• Combine indication of enrollment support and charges for network usage to cover the following scenarios:

| Enrollment | Charges / Access not allowed | Scenario |
|---|---|---|
| Yes | No | Enrollment required, no charges |
| Yes | Yes | Enrollment required, charged |
| No | Yes | No enrollment, access not allowed |
| No | No | No enrollment, no charges |

• Use two capability bits in the broadcast beacon or in an extended capability information element

Slide 11

Some Use Cases

Columns: Description; R8E1 - Enrollment type; R8E4 - Charges (optional); R8N1 - SSPN based access; R8N4 - interworking services; Security Enabled

• A community mesh network, free and open to all, with a link to the Internet: None (users can use the network without enrollment); None; None; Internet; No
• A corporate private network: Authorised users only; None; Yes
• The IEEE 802 Meeting WLAN: Authorised users only; None; No
• A hotspot that provides point of presence for other operators, but has no local customers: Authorised users only; Yes; Internet, 3GPP etc…; Yes
• A local commercial hotspot without any roaming agreements: Yes; Yes; No; Internet; Yes
• A hotspot that has both local users and roaming agreements: Yes; Yes; Yes; Internet, 3GPP etc…; Yes
• A free to use network that requires people to register before using it (probably for legal reasons): Yes; No; No; Internet; Yes
• A museum's local information service: None (users can use the network without enrollment); No; No; None; No
• An E911 service: E911; No; No; E911; No

Slide 12

Analysis of general requirements R8G1 and R8G2

R8G1: Minimize battery consumption
• New capability bits have no impact on power consumption
• Additional exchange of management frames to probe for new enrollment related information elements may increase power consumption

R8G2: Security impact
• Enrollment functionality that has been advertised has to be checked in the enrollment procedure anyway
• Cost information has to be verified after authentication over a secured channel
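
The two-bit advertisement from the common R8E1/R8E4 proposal, combined with the R8G2 point that advertised values must be re-checked after authentication, as an added example that is not part of the submission. The element ID, the bit positions and the sample bytes are assumptions, since the slides define none of them.

```python
# Added example: element ID and bit positions are assumptions, not from the slides.
HYPOTHETICAL_ELEMENT_ID = 0xF0   # placeholder; the proposal assigns no ID
ENROLLMENT_BIT = 0x01            # assumed position of the "Enrollment" bit
CHARGES_BIT = 0x02               # assumed position of "Charges / Access not allowed"

SCENARIOS = {
    (True, False): "Enrollment required, no charges",
    (True, True): "Enrollment required, charged",
    (False, True): "No enrollment, access not allowed",
    (False, False): "No enrollment, no charges",
}

def find_element(tagged, element_id):
    """Walk ID/length/value elements; None if absent or the frame is malformed."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        end = i + 2 + length
        if end > len(tagged):        # length field runs past the buffer
            return None
        if eid == element_id:
            return tagged[i + 2:end]
        i = end
    return None

def advertised_scenario(tagged):
    """Return (enrollment, charges, scenario) from the beacon, or None."""
    payload = find_element(tagged, HYPOTHETICAL_ELEMENT_ID)
    if not payload:                  # missing element or empty payload
        return None
    enroll = bool(payload[0] & ENROLLMENT_BIT)
    charges = bool(payload[0] & CHARGES_BIT)
    return enroll, charges, SCENARIOS[(enroll, charges)]

def verify_after_auth(advertised, confirmed_enroll, confirmed_charges):
    """R8G2: beacon bits are unauthenticated hints; compare them with the
    values learned over the secured channel and report each mismatch."""
    if advertised is None:
        return ["no advertisement received"]
    problems = []
    if advertised[0] != confirmed_enroll:
        problems.append("enrollment bit differs from authenticated value")
    if advertised[1] != confirmed_charges:
        problems.append("charges bit differs from authenticated value")
    return problems

# Constructed sample: SSID element "cafe", then the hypothetical element (bits 0b11).
BEACON_TAGS = bytes([0x00, 0x04]) + b"cafe" + bytes([HYPOTHETICAL_ELEMENT_ID, 0x01, 0x03])
```

A STA would use `advertised_scenario` only to decide whether to attempt the network, and act on cost or enrollment information only when `verify_after_auth` returns an empty list.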

Slide 13

Summary for online enrollment cluster

• Proposal addresses R8E1 (required) and R8E4 (optional) of the requirements in the online enrollment cluster

• Battery consumption (G1) and Security implications (G2) of the proposal have been analyzed