doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 1 Proposal for Online Enrolment Cluster Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group. If you have questions, contact the IEEE Patent Committee Administrator at. Date: 16th Feb 2006 Authors:

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 2 Requirements Addressed ClusterRequirementAddressed or No Online EnrollmentE1 (Required) Addressed E2 (Optional)No E4 (Optional)Addressed E5 (Optional)Addressed GeneralG1 (Required)Addressed G2 (Required)Addressed G3 (Required)Addressed

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 3 Requirements E1, E4, & E5 E1: –“Define functionality by which the STA is able to determine what online enrollment methods are supported by the local network” E4: –“Functionality shall be provided by which APs can advertise (before connection) the charges that will be made for use of the network if a user enrols with it” E5: –“Define a way in which the functionality defined in requirement R8E1 can be extended to support enrolment with SSPNs.”

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 4 What is the desired from the requirements? Whether the network (Local Network or SSPN) have the capability to support enrolment for those users that have no possession of security credentials for the network? (E1 & E5) –In general, we can summarize access control polity into three classes: Open (free access) Online Enrolment Security Credentials Enrolment Method: –What online enrolment method are supported. (E1 & E5) Charges Policy: –Charges for use of the network if a user enrolls it. (E4)

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 5 Our Proposal for E1&E5 : Network Access Control Policy Define a Network Access Control Policy (NACP) Information as below that includes “enrolment” and “credential” bit to indicate the NACP of the related local network or SSPN : EnrolmentCredential 1 but1 bit EnrolmentCredentialNACP No Open YesNoOnline Enrolment NoYESCredential YES Both enrolment and credential

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 6 Our Proposal for E1&E5: Enrolment Methods Information Enrolment Method Information: –The current enrolment method is UAM that developed by Wi-Fi Alliance. –We propose a format to indicate the enrolment methods supported by a network: – –Enrolment method is identified by OUI + type as below: Enrolment methods counter (2 octets) Enrollment methods List (4-moctets) OUI (3 octets) type (1 octets)

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 7 Online Enrolment IE definition Short Online Enrolment IE (SOE-IE ) definition: Long Online Enrolment IE (LOE-IE) definition that includes Enrolment methods list: Element ID (1 octet) Length (1 octet) =1 NACP 1 octet, two bits used for NACP) Element ID (1 octet) Length (1 octet) NACP 1 octet, two bits used for NACP) Enrolment methods counter (2 octets) Enrollment methods List (4-moctets)

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 8 Proposal For E1, E4, &E5 ‘Entrance’ for External Network Information Discovery –We propose a new entity ‘entrance’ to DS that will be in charged with external network information discovery. AP can get external network information such as enrolment methods of a SSPN by entrance. Contain-IE used for general information encapsulation in Management frame, such information example includes: –SSPN identifier –Charges Policy (E4)

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 9 Container-IE Element IDLength (Octets) Information (Length) TBD? Includes those information that related with external network.

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 10 Entrance entity first addressed in IEEE802.11/0850r5 DSM AP Entrance AP STA1STA3 AS/ proxy GW AS SSPN Local Network GW

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 11 Our Proposal for E1, E4, &E5: Enrolment Information Transfer STAAP Beacon (SOE-IEs) Probe Response (LOE-IE, Container-IE) Probe Request (Container-IE (SSPN identifier)) Entrance Query Request (Container-IE) Query Response (Container-IE, LOE-IE)

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 12 G1: Minimize battery consumption for Mobile device Based the presupposition that the enrolment is mainly related to local network, we propose: – Beacon only transfer SOE-IE for active SSPNs, and for local network, LOE-IE that includes enrolment method lists can be broadcast by beacon. It will avoid active scan for local enrolment.

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 13 G2: Security Impact This proposal don’t rise new security questions except the general security factor for beacon and probe request/response. Beacon and Probe request/response frames are unprotected even in w. But maybe we can protect some IEs in these management frames but that should be considered by TGw.

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 14 G3: Allow APs to serve legacy STAs Beacon –Legacy STAs will ignore any IEs that defined by TGu Probe Request from Legacy STA –AP don’t do any extra process when no IEs defined by TGu included in Probe Request.

doc.: IEEE /0265r0 Submission February 2006 Zhonghui Yao, HuaweiSlide 15 Summary for online enrolment cluster Proposal addresses E1 (required),E4 (optional) and E5 (Optional) of the requirements in the online enrolment cluster and all general requirements.