TNC EAP

IETF EAP WG, August 2005
John Vollbrecht [email protected]

TNC - Background

Subgroup of TCG - Trusted Computing Group
Support authorizing of “platform integrity”
Concept is to allow checking of “state” of client prior to allowing access to the network

1. TNC defines a handshake as a dialog which includes one or more request/response exchanges, with the TNCS making a recommendation at the end of the dialog.
2. EAP methods interface with a defined state machine that specifies how to control EAP conversations and interface with EAP methods. This is important because TNC is a conversation, not a set of attributes.
3. EAP methods can be carried in any currently known “protected” method. The protected methods include a state machine that can run “inner” EAP methods.
4. Protected methods also carry other message types such as TLVs or AVPs. These tend to be slightly different in each “protected” method. EAP methods are identical in all protected methods.
5. If carried as TLVs or AVPs, then one must include control mechanisms to let the lower layer know the result of a conversation and when it is done. This is done as part of the EAP method.
6. EAP methods can be written independently of the “protected” methods carrying them. They can be installed in the same way as other EAP methods.
7. An EAP method can run stand-alone for in-house as well as interoperability testing. This permits testing between TNCC and TNCS as well as between IMCs and IMVs independently of any protected method.
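
An added example (not from the original slides) of points 1, 5 and 7: a toy inner method whose multi-round dialog ends with a TNCS recommendation, exposes only "done" and the result to whatever carries it, and is driven stand-alone with no protected method. The class names, message fields and sample policy are constructed for illustration and are not the TNC or EAP wire format; only the Allow / Isolate / No Access recommendation names follow TNC.

```python
from enum import Enum

class Recommendation(Enum):            # outcomes a TNCS can recommend
    ALLOW = "allow"
    ISOLATE = "isolate"
    NO_ACCESS = "no_access"

class ToyTncServerMethod:
    """Hypothetical server side: one request/response round per measurement."""
    def __init__(self, policy):
        self.policy = policy           # measurement name -> required value
        self.pending = list(policy)    # measurements still to request
        self.failed = []
        # Nothing to check means the dialog is finished before it starts.
        self.recommendation = None if self.pending else Recommendation.ALLOW

    def is_done(self):                 # the only control signal the carrier needs
        return self.recommendation is not None

    def build_request(self):
        return {"ask": self.pending[0]}

    def process_response(self, resp):
        name = self.pending.pop(0)
        if resp.get(name) != self.policy[name]:
            self.failed.append(name)   # missing or wrong value fails the check
        if not self.pending:           # last round: make the recommendation
            self.recommendation = (Recommendation.ISOLATE if self.failed
                                   else Recommendation.ALLOW)

class ToyTncClient:
    """Hypothetical client side: reports the platform state it is asked for."""
    def __init__(self, state):
        self.state = state

    def respond(self, req):
        return {req["ask"]: self.state.get(req["ask"])}

def run_handshake(server, client, max_rounds=16):
    """Drive the dialog stand-alone, with no protected method underneath."""
    rounds = 0
    while not server.is_done():
        if rounds >= max_rounds:       # a dialog that never ends gets no access
            return Recommendation.NO_ACCESS, rounds
        server.process_response(client.respond(server.build_request()))
        rounds += 1
    return server.recommendation, rounds

# Constructed sample policy, not taken from any TNC specification.
POLICY = {"firewall": "on", "av_signatures": "current"}
```

A carrier that moved the same messages as bare TLVs or AVPs would have to reimplement `is_done()` and the result hand-off itself, once per protected method.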