Tunnel Extensible Authentication Protocol (TEAP) Version 1

Cam-Winget, Nancy; Hanna, Steve; Zhou, Hao; Salowey, Joseph

doi:10.17487/rfc7170

Cited by 12 publications

(17 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In addition to the NAI name form, [RFC7833] also defines a pair of implicit name forms corresponding to the client and the client's machine. These implicit name forms are based on the Identity-Type enumeration defined in the Tunnel Extensible Authentication Protocol (TEAP) specification [RFC7170]. If the name form returned in a SAML statement is not based on the NAI, then it is a requirement on the EAP server that it validate that the subject of the SAML Assertion, if any, is equivalent to the subject identified by the NAI used in the RADIUS or Diameter session.…”

Section: Saml Assertionsmentioning

confidence: 99%

See 1 more Smart Citation

Application Bridging for Federated Access Beyond Web (ABFAB) Architecture

Hartman¹,

Tschofenig²,

Schaad³

et al. 2016

View full text Add to dashboard Cite

Section: Saml Assertionsmentioning

confidence: 99%

“…As of this writing, the only EAP method that meets these criteria is TEAP [RFC7170], either alone (if client certificates are used) or with an inner EAP method that does mutual authentication.…”

Section: Extensible Authentication Protocol (Eap)mentioning

confidence: 99%

Application Bridging for Federated Access Beyond Web (ABFAB) Architecture

Hartman¹,

Tschofenig²,

Schaad³

et al. 2016

View full text Add to dashboard Cite

“…For the supplicant, it is thus difficult to communicate a meaningful error to the user. The newly specified EAP type TEAP, Tunnel Extensible Authentication Protocol [RFC7170], has a means to transport fine-grained error reason codes to the supplicant; this has the potential to improve the situation in the future.…”

Section: Communicating Account Blocking To the End Usermentioning

confidence: 99%

The eduroam Architecture for Network Roaming

Wierenga¹,

Winter²,

Wolniewicz³

2015

View full text Add to dashboard Cite

This document describes the architecture of the eduroam service for federated (wireless) network access in academia. The combination of IEEE 802.1X, the Extensible Authentication Protocol (EAP), and RADIUS that is used in eduroam provides a secure, scalable, and deployable service for roaming network access. The successful deployment of eduroam over the last decade in the educational sector may serve as an example for other sectors, hence this document. In particular, the initial architectural choices and selection of standards are described, along with the changes that were prompted by operational experience.

show abstract

“…Specifically, a PCP authentication implementation MUST support Extensible Authentication Protocol Tunneled Transport Layer Security (EAP-TTLS) [RFC5281] and SHOULD support the Tunnel Extensible Authentication Protocol (TEAP) [RFC7170]. Therefore, after a successful authentication procedure, a Master Session Key (MSK) will be generated.…”

Section: Authentication Triggered By the Clientmentioning

confidence: 99%

“…Specifically, EAP lower layers indicate to EAP methods and Authentication, Authorization, and Accounting (AAA) servers the MTU of the lower layer. EAP methods such as EAP-TLS [RFC5216], TEAP [RFC7170], and others that are likely to exceed reasonable MTUs provide support for fragmentation and reassembly. Others, such as EAP -Generalized Pre-Shared Key (EAP-GPSK) [RFC5433], assume that they will never send packets larger than the MTU and use small EAP packets.…”

Section: Sequence Numbers For Common Pcp Messagesmentioning

confidence: 99%