Architecture for a 3-party-protocol
Damien Leroy
damien.leroy
Thu Mar 11 06:38:15 PST 2010
Hi,
In the context of our research, we have designed a network protocol
performing authentication between a mobile host, an authenticator and
a third party. Each message is different and contains various payloads (id,
signature, ...) but due to WiFi architecture, we could see the protocol
as a protocol between the supplicant and the authenticator mixed with a
protocol between the authenticator and the third party.
We have implemented it, but currently we are using classical EAP between
the supplicant and the authenticator and the authenticator creates a
RADIUS client (in the EAP method) that encapsulates another EAP packet to
the third party. This way of doing it is quite ugly in the authenticator
because we have to make the EAP-SM sleep while waiting for a reply from
the 3rd party, and creating a RADIUS client with all its parameters
inside our EAP method is not really transparent.
Would you have a better idea of infrastructure to implement this
mechanism while keeping the code clean and observing standards? (of
course, we will implement it by ourselves)
Maybe it would be smarter to implement it using an independent UDP
protocol (i.e., without RADIUS nor EAP) between the authenticator and
the 3rd party.
Best,
--
Damien Leroy
http://inl.info.ucl.ac.be/dleroy
ICTEAM Research Institute
UCLouvain - Belgium