Protocol carrying Authentication for Network Access (PANA)

1
Protocol carrying Authentication for Network
Access (PANA)

• Subir Das/Basavaraj Patil
• Telcordia Technologies Inc./Nokia
• 12/14/2001

2
Motivations

• Currently, the authentication process depends
  upon the type of network that a user is attaching
  to and it is very much tied to an access
  technology
• Since existing solutions are specific to access
  technologies, we need either a new mechanism or
  an extension to existing mechanism to
  authenticate users each time a new access
  technology is being standardized
• A common protocol for performing user
  authentication at the network layer (IP) or above
  could avoid the proliferation of such access
  specific solutions

3
PANA Framework Scenario1
PANA
AAA
DSLAM
PAA
Internet
PAA PANA Authentication Agent AAA
Authentication, Authorization and Accounting
4
PANA Framework Scenario 2
PANA
AAA
DSLAM
Local Subnet
PAA
Apps Server
Internet
PAA PANA Authentication Agent AAA
Authentication, Authorization and Accounting
5
Objective/Goals

• The working group's primary task is to define a
  protocol between a user's device and a node in
  the network that allows
• -- A device (on behalf of a user) to authenticate
  to an agent in the local network. The agent is
  called PANA Authentication Agent (PAA) in this
  charter
• -- The device to discover the IP address of the
  PAA
• -- The PAA to use either local mechanisms/knowledg
  e, or the AAA infrastructure i.e., being a
  client of the AAA, to authenticate the device
• The WGs secondary task is to create a Local
  Security Association (LSA) between the device and
  PAA after successful initial authentication

6
Mailing list Information

• To subscribe
• pana-request_at_research.telcordia.com
• In Body (un) subscribe
• General Discussion
• pana_at_research.telcordia.com
• Archive
• ftp//ftp.research.telcordia.com/pub/Group.archiv
  e/pana/archive