The present invention relates to a simplified Protocol for Carrying Authentication for Network Access (sPANA), which can be understood by reference to all the documents listed at the end of the specification, the entire contents of which are incorporated herein by reference for all purposes.
Digital Subscriber Line (DSL) broadband access networks have been evolving in aggregation technologies and protocols. One of the major transitions is from the Point-to-Point Protocol (PPP) [RFC1661], used for multi-protocol framing and dynamic endpoint configuration, to direct encapsulation of Internet Protocol (IP), with Dynamic Host Configuration Protocol (DHCP) used for dynamic endpoint configuration. The term used by the Broadband Forum for the network state associated with an authorized subscriber is “IP session” [RFC-5193]. Substitute authentication mechanisms may be needed to enable the transition from the PPP session to the IP session. Ongoing efforts on IP session authentication have followed two approaches, i.e. a DHCP extension and PANA.
A DHCP extension is defined in [I-D.pruss-dhcp-auth-dsl] to provide authentication prior to configuration of a host. This solution aims to operate with existing RADIUS-based Authentication, Authorization and Accounting (AAA) infrastructure and with Asynchronous Transfer Mode (ATM) or Ethernet based DSL networks. The DHCP extension may be feasible only as a short-term alternative solution.
PANA is defined in [RFC-5191]. PANA is a network-layer transport for the Extensible Authentication Protocol (EAP) that enables network access authentication between clients and access networks. The PANA protocol may be run between a client, such as a PANA Client (PaC), and a server, such as a PANA Authentication Agent (PAA), to perform authentication and authorization for the network access service. The protocol messaging comprises a series of requests and answers. PANA may be a desirable long-term solution. However, there are some problems when applying PANA to existing DSL broadband networks.
There still remains a need to develop techniques that make PANA suitable in a Broadband Forum architecture. In such an architecture, it is necessary to authenticate the subscriber before allocating an IP address.