Hi Yinxing:
I have seen that you have also mentioned and described the problem of fast
re-authentication in your I-D. We have just been discussing it, as you may have
noticed.
Although I am still in favor of defining a general problem statement for this in
ABFAB before going to solution space, I must say that here in UMU we have been
thinking about a possible solution for providing this fast re-authentication
procedure, which may have some similarities with yours.
Basically, since GSS-EAP is used in ABFAB to provide authentication, our idea
is to use ERP (RFC 5296) (and the associated infrastructure) to provide fast
re-authentication in ABFAB. After all, ERP is the standard to reduce the
authentication time in EAP-based authentications.
In this way, we could extend GSS-EAP or create a GSS-ERP mechanism to transport
ERP messages within GSS tokens. Something like:
1. Initiator --> Acceptor: GSS-EAP(EAP Initiate/Re-auth(SEQ, keyName-NAI,
                           cryptosuite, Auth-tag*))
1a. Acceptor --> ER-Server: AAA-Request{Authenticator-Id,
                            EAP Initiate/Re-auth(SEQ, keyName-NAI,
                            cryptosuite, Auth-tag*)}
2. ER-Server --> Acceptor: AAA-Response{rMSK,
                           EAP-Finish/Re-auth(SEQ, keyName-NAI,
                           cryptosuite, [CB-Info], Auth-tag*)}
2b. Acceptor --> Initiator: GSS-EAP(EAP-Finish/Re-auth(SEQ, keyName-NAI,
                            cryptosuite, [CB-Info], Auth-tag*))
The ER-Server could even be placed near the server (local ER server), reducing
the travel time of the messages.
Obviously this is just an idea, which needs to be elaborated and discussed. In
fact, as I said, I think it would be better to start by defining a problem
statement, requirements, etc. for fast re-authentication in ABFAB. UMU would
be willing to work on that.
Best regards.
On 12/03/2012, at 10:18, [email protected] wrote:
>
> Hi, all
>
> An updated version of Federated Cross-Layer Access
> (draft-wei-abfab-fcla-02) is posted.
> The major changes are in clause 4:
> - 4. message flow
> - 4.1 fast re-authentication
> - 4.2 secure data sharing
>
> here is the draft:
> http://www.ietf.org/id/draft-wei-abfab-fcla-02.txt
>
> Any comments are appreciated!
>
> -------------
> Yinxing Wei
>
-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: [email protected]
-------------------------------------------------------
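A compact simulation of the ERP re-authentication exchange sketched in the mail above, added here as an example; it is not code from the mail, from UMU or from any ABFAB implementation. The KDF labels and the PRF+ construction follow RFC 5296/5295 as I recall them, but the message layout (SEQ | length | keyName-NAI | cryptosuite | Auth-tag), the NAI and the EMSK value are assumptions simplified for illustration, so this shows the logic the acceptor relies on (Auth-tag check, SEQ-based replay protection, rMSK delivery), not a wire-compatible ERP.

```python
import hmac, hashlib, struct

def prf_plus(key: bytes, data: bytes, length: int) -> bytes:
    """PRF+ from RFC 5295 with HMAC-SHA256, the default ERP KDF."""
    out, prev, n = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + data + bytes([n]), hashlib.sha256).digest()
        out, n = out + prev, n + 1
    return out[:length]

CS_HMAC_SHA256_128 = 2        # ERP cryptosuite value; 16-byte Auth-tag
TAG_LEN = 16
LEN = struct.pack(">H", 64)   # every derived key is 64 bytes in this example

def derive_rrk(emsk):         # rRK from the EMSK of the full EAP exchange
    return prf_plus(emsk, b"EAP Re-authentication Root Key@ietf.org\0" + LEN, 64)

def derive_rik(rrk, cs):      # integrity key that protects the Auth-tag
    return prf_plus(rrk, b"Re-authentication Integrity Key@ietf.org\0" + bytes([cs]) + LEN, 64)

def derive_rmsk(rrk, seq):    # per-re-auth key; SEQ makes every rMSK fresh
    return prf_plus(rrk, b"Re-authentication Master Session Key@ietf.org\0" + struct.pack(">H", seq) + LEN, 64)

def auth_tag(rik, body):
    return hmac.new(rik, body, hashlib.sha256).digest()[:TAG_LEN]

def build_initiate(rik, seq, keyname_nai, cs):
    """EAP Initiate/Re-auth, assumed layout: SEQ | len | keyName-NAI | cryptosuite | Auth-tag."""
    nai = keyname_nai.encode()
    body = struct.pack(">HB", seq, len(nai)) + nai + bytes([cs])
    return body + auth_tag(rik, body)

class ERServer:
    """ER server: rRK per keyName-NAI plus the highest SEQ accepted (replay protection)."""
    def __init__(self, keys): self.keys, self.last_seq = dict(keys), {}
    def handle_initiate(self, msg):
        body, got = msg[:-TAG_LEN], msg[-TAG_LEN:]
        seq, ln = struct.unpack(">HB", body[:3])
        nai, cs = body[3:3 + ln].decode(), body[3 + ln]
        rrk = self.keys.get(nai)
        if rrk is None: return None                                          # unknown key name
        rik = derive_rik(rrk, cs)
        if not hmac.compare_digest(got, auth_tag(rik, body)): return None    # bad Auth-tag
        if seq <= self.last_seq.get(nai, -1): return None                    # replayed or stale SEQ
        self.last_seq[nai] = seq
        fin = body  # EAP-Finish/Re-auth echoes SEQ, keyName-NAI and cryptosuite
        return derive_rmsk(rrk, seq), fin + auth_tag(rik, fin)              # rMSK goes to the acceptor

def peer_check_finish(rik, finish, expected_seq):
    """Initiator side: accept Finish/Re-auth only if the Auth-tag and SEQ match."""
    body, got = finish[:-TAG_LEN], finish[-TAG_LEN:]
    return hmac.compare_digest(got, auth_tag(rik, body)) and struct.unpack(">H", body[:2])[0] == expected_seq
```

Both ends derive the same rMSK from rRK and SEQ without any round trip to the home EAP server, which is the time saving the mail is after; the server-side SEQ check is what stops a captured Initiate/Re-auth from being replayed to the acceptor.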
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab