Subject: RE: EAP SIM and AKA identities.
From: henry.haverinen
Date: Thu, 7 Apr 2005 05:08:19 -0400 (EDT)

Hello Suresh,

The term "identity" refers to an identity string that includes the realm portion in environments where a realm is needed. "Username" refers to the username portion of the identity. Explanations for the terms "permanent identity" and "permanent username" are included in the terms section of the documents.

The leading digit (0 or 1) of the permanent username would be useful as a hint only when processing an EAP-Response/Identity packet. The peer uses AT_IDENTITY only in response to an EAP-SIM or EAP-AKA packet, so the EAP method has already been selected in this phase. Hence the server does not need to use the leading digit of the username as an EAP method selection hint anymore. Nevertheless, if the peer composes the permanent username from the IMSI, as specified in the drafts, then the peer will still include the leading digit.

The format of AT_IDENTITY is specified in section 9.8 of EAP-SIM and section 9.5 of EAP-AKA. These sections say that the same identity format is used in the AT_IDENTITY attribute and the EAP-Response/Identity packet, with the exception that the peer MUST NOT decorate the identity it includes in AT_IDENTITY. The identity format is specified in section 4.2.1 of EAP-SIM and 4.1.1 of EAP-AKA.

The realm portion is not considered as decoration. In other words, if the identity includes a realm portion in the present environment, then the peer includes the realm also in the AT_IDENTITY attribute.

Best regards,
Henry

-----Original Message-----
From: eap-admin [at] frascone.com [mailto:eap-admin [at] frascone.com]On Behalf Of ext Suresh
Sent: 06 April, 2005 10:13
To: eap [at] frascone.com
Subject: [eap] EAP SIM and AKA identities.

Hi

I have a small clarification in the identities and user names used in the EAP-SIM and AKA implementations.

Whenever a client needs to fill in the AT_IDENTITY attribute, it has to fill in the complete identity, and the identity may or may not have a realm portion.

The format of the permanent user name is 0|IMSI and 1|IMSI for the AKA and SIM respectively.

It is also given that

    The EAP server MAY use the leading "1" as a hint to try EAP-SIM as
    the first authentication method during method negotiation, rather
    than for example EAP/AKA. The EAP-SIM server MAY propose EAP-SIM
    even if the leading character was not "1".

for EAP-AKA.

I could not understand how user name is sent to the EAP-Server, in actual, complete identity is sent in the AT_IDENTITY attribute and not just the user name.

regards,
Suresh
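
The identity handling discussed in this thread, as an added Python example that is not part of the original messages or of any EAP implementation: it splits an identity into username and realm, derives the method hint from the leading digit, and encodes AT_IDENTITY while refusing a decorated identity. The function names and the sample IMSI and realms are constructed; decoration is assumed to be the "otherrealm!user@realm" prefix form, and the attribute layout (type 14, length in 4-byte words, 2-byte actual identity length, zero padding) follows the published EAP-SIM and EAP-AKA specifications.

```python
import struct

AT_IDENTITY = 14  # attribute type number of AT_IDENTITY in EAP-SIM and EAP-AKA

def split_identity(identity):
    """Return (username, realm); realm is None when the identity has no realm."""
    username, sep, realm = identity.partition("@")
    return username, (realm if sep else None)

def method_hint(identity):
    """Leading digit of the permanent username: 0 -> EAP-AKA, 1 -> EAP-SIM.
    Only meaningful for EAP-Response/Identity, before a method is selected."""
    username, _ = split_identity(identity)
    return {"0": "EAP-AKA", "1": "EAP-SIM"}.get(username[:1])

def is_decorated(identity):
    # Assumption: decoration is modelled as a "otherrealm!" prefix on the username.
    username, _ = split_identity(identity)
    return "!" in username

def build_at_identity(identity):
    """Encode AT_IDENTITY; the realm is kept, a decorated identity is rejected."""
    if is_decorated(identity):
        raise ValueError("AT_IDENTITY must not carry a decorated identity")
    raw = identity.encode("utf-8")
    padded = raw + b"\x00" * (-len(raw) % 4)  # pad to a 4-byte boundary
    if len(padded) > 1016:                    # length field is one byte of words
        raise ValueError("identity too long for one attribute")
    header = struct.pack("!BBH", AT_IDENTITY, (4 + len(padded)) // 4, len(raw))
    return header + padded

def parse_at_identity(attr):
    """Decode AT_IDENTITY back to the identity string, checking both lengths."""
    if len(attr) < 4:
        raise ValueError("truncated attribute")
    atype, words, actual = struct.unpack("!BBH", attr[:4])
    if atype != AT_IDENTITY or words * 4 != len(attr) or actual > len(attr) - 4:
        raise ValueError("malformed AT_IDENTITY")
    return attr[4:4 + actual].decode("utf-8")

if __name__ == "__main__":
    # Constructed sample: IMSI 001010123456789 with the EAP-SIM leading "1".
    ident = "1001010123456789@wlan.example.org"
    print(split_identity(ident), method_hint(ident))
    print(build_at_identity(ident).hex())
```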