State Machines for EAP Peer and Authenticator
This document describes a set of state machines for EAP Peer, EAP Authenticator (supporting local, passthrough and backend), for EAP Passthrough method, and for 'backend adapter' that adapts EAP traffic carried by an AAA protocol such as RADIUS or Diameter to a Backend Authenticator. This set of state machines shows how EAP can be implemented to support deployment in either a Peer/AP or Peer/AP/AAA Server environmnet. The Peer and Authenticator machines are illustrative of how the EAP protocol defined in [I-D.ietf-eap-rfc2284bis] may be implemented. The Passtrhough method and 'backend adapter' illustrate how EAP protocol support defined in [I-D.aboba-radius-rfc2869bis] may be implemented. Where there are differences [I-D.ietf-eap-rfc2284bis]/ [I-D.aboba-radius-rfc2869bis] are authoritative. This document describes a state machine based on an EAP 'Switch' model. This model includes events and actions for the interaction between the EAP Switch and EAP methods. The State Machine and associated model are informative only. Implementations may achieve the same results using different methods. A brief description of the EAP 'Switch' model is given in the Introduction section. This document is still a work in progress. The authors believe it corresponds to the current state of revisions to the defining [I-D.ietf-eap-rfc2284bis]/[I-D.aboba-radius-rfc2869bis] documents, but it has not been vetted by the EAP working group as a whole. An appendix to this document points out issues the authors believe still need to be resolved between the documents. The intent is to synchronize this document with [I-D.ietf-eap-rfc2284bis] and [I-D.aboba-radius-rfc2869bis] revisions when they are released and then submit it as an RFC.