Doc.: IEEE 802.11-06/0027r0 Submission January 2006 Slide 1 WiNOT Consortium: Proposal for online enrollment cluster Notice: This document has been prepared.


1 doc.: IEEE 802.11-06/0027r0 Submission January 2006 Slide 1 WiNOT Consortium: Proposal for online enrollment cluster Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. 
If you have questions, contact the IEEE Patent Committee Administrator at patcom@ieee.org. Patent Policy and Procedures: http://ieee802.org/guides/bylaws/sb-bylaws.pdf. Chair: stuart.kerry@philips.com.
Date: 16th January 2006
Authors:

Slide 2: WiNOT consortium

This presentation is made on behalf of the WiNOT (Wireless NetwOrking Technology) consortium, comprising:
–Intel
–Nokia
–Siemens
–Panasonic
–STMicroelectronics
–Cingular
–BenQ
–T-Mobile

Slide 3: Abstract

This document is an initial proposal to address the requirements in the Online Enrollment Cluster for 802.11 TGu.

Content:
- Proposal for R8E1
- Requirement Analysis for R8E2
- Proposal for R8E4
- Common solution for R8E1 & R8E4
- Analysis of general requirements
- Summary

Slide 4: Requirement R8E1

“Define functionality by which the STA is able to determine what online enrollment methods are supported by the network”

Notes: Some networks allow users to enroll “over the air”. For example, the Wi-Fi Alliance has defined such functionality based on browser capture, as part of the Universal Access Method (UAM) concept. The idea is to allow a STA to determine whether a network supports such functionality (and if so, which one). If the network does not support enrollment, then the user must already be in possession of security credentials (e.g. as determined by the EAP method in use) unless the network provides open access.

Slide 5: Proposal for R8E1 – Functionality to determine online enrollment methods

Desired Functionality
- Indicate whether online enrollment is supported or not (Yes/No)
- In case “Yes”, provide a list of online enrollment methods {EAP, UAM, …etc}
- In case “No”, indicate whether enrollment is not allowed (private/company access) or not required (open/public access)

Possible Solution
- Use two capability bits in the broadcast beacon or in an extended capability information element
- Transport new information elements over management frames
–Use existing management frames (e.g. Probe-Request/Response)
–Define a new generic management frame

Slide 6: Requirement R8E2 (optional)

“Define functionality for online enrollment”

Notes: The only current widely adopted common online enrollment mechanism is the Wi-Fi Alliance’s Universal Access Mechanism (UAM) and this has many problems. For example, it requires the user to start up a browser (and users who are restricted to VLAN connections may be unable to do so), plus the initial connection must be unprotected, which makes it more difficult to switch on protection later.

Slide 7: Proposal for R8E2 – New functionality for online enrollment

Requirement Evaluation
The UAM method has two main problems:
–Browser needs to be started to enter credentials
–WLAN interface needs to boot in unprotected mode and has to restart using the received credentials, or stays in unprotected mode
–BUT: UAM and other similar mechanisms are out of scope of TGu

Possible solution: Use EAP based enrollment method (draft-mahy-eap-enrollment-00.txt)
–BUT: Solution needs a new EAP method and the support of EAP TLS
–BUT: Out of scope of TGu

Possible solution: Use DHCP methods for configuration management
–BUT: Solution needs to start WLAN interface in unprotected mode
–BUT: Out of scope of TGu

Possible solution: Modify 802.1x port based authentication
–Could this be a possible way?

Proposal: Since it's optional, leave it open for the time being …

Slide 8: Requirement R8E4 (optional)

“Functionality shall be provided by which APs can advertise (before connection) the charges that will be made for use of the network if a user enrolls with it”

Notes: While in principle most people would like this to be possible, there are a significant number of people who doubt that a practical and consistent mechanism can be defined. For this reason the group has marked it as optional; they are open to proposals in this area.

Slide 9: Proposal for R8E4 – Advertisement of charges for network usage

Proposal:
- Indicate at least whether the use of the network is free of charge or not
- Q: Do we need an option – “We’re not saying!”?
- Use one capability bit in the broadcast beacon or in an extended capability information element

Other ideas for more detailed information on network charges:
- J. Caron: AAA cost advertisement extensions
–draft-caron-aaa-cost-advertisement-00.txt
- W. Groeting: Network selection implementation results
–draft-groeting-eap-netselection-results-00.txt
- K. Koora: Discussions on 802.21 IS Requirements
–21-05-0459-00-0000-Dec08_2005_Telecon_Meeting_Minutes.doc

Slide 10: Common solution proposal for R8E1 and R8E4

Proposal: Combine indication of enrollment support and charges for network usage to cover the following scenarios:
- Use two capability bits in the broadcast beacon or in an extended capability information element

Enrollment   Charges / Access not allowed   Scenario
Yes          No                             Enrollment required, no charges
Yes          Yes                            Enrollment required, charged
No           Yes                            No enrollment, access not allowed
No           No                             No enrollment, no charges

Slide 11: Some Use Cases

Slide 12: Analysis of general requirements R8G1 and R8G2

R8G1: Minimize battery consumption
- New capability bits have no impact on power consumption
- Additional exchange of management frames to probe for new enrollment related information elements may increase power consumption

R8G2: Security impact
- Enrollment functionality that has been advertised has to be checked in the enrollment procedure anyway
- Cost information has to be verified after authentication over a secured channel
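The two-bit encoding from slide 10 and the R8G2 point that advertised information must be re-checked after authentication, as an added example that is not part of the original submission. The element ID, payload length and bit positions are hypothetical, since the proposal does not assign them; the sample bytes are constructed.

```python
# Assumptions (not defined by the proposal): element ID 250, a one-octet
# payload, bit 0 = enrollment, bit 1 = charges / access not allowed.
HYPOTHETICAL_IE_ID = 250
BIT_ENROLLMENT = 0x01
BIT_CHARGES = 0x02

SCENARIOS = {  # (enrollment, charges) -> scenario, per the slide 10 table
    (True, False): "enrollment required, no charges",
    (True, True): "enrollment required, charged",
    (False, True): "no enrollment, access not allowed",
    (False, False): "no enrollment, no charges",
}

def iter_elements(body):
    """Yield (element_id, payload) from a run of ID/length/value information elements."""
    offset = 0
    while offset < len(body):
        if offset + 2 > len(body):
            raise ValueError("truncated element header")
        eid, length = body[offset], body[offset + 1]
        end = offset + 2 + length
        if end > len(body):
            raise ValueError("element length runs past end of frame")
        yield eid, body[offset + 2:end]
        offset = end

def advertised_bits(body):
    """Return (enrollment, charges) from the hypothetical element, or None if absent."""
    for eid, payload in iter_elements(body):
        if eid == HYPOTHETICAL_IE_ID:
            if len(payload) != 1:
                raise ValueError("unexpected payload length")
            return bool(payload[0] & BIT_ENROLLMENT), bool(payload[0] & BIT_CHARGES)
    return None

def verify_after_auth(beacon_elements, authenticated_bits):
    """Compare the unauthenticated beacon claim with the value learned over the secured channel."""
    claimed = advertised_bits(beacon_elements)
    if claimed is None:
        return "not advertised"
    if claimed != authenticated_bits:
        return "MISMATCH: beacon advertised '%s', secured channel reports '%s'" % (
            SCENARIOS[claimed], SCENARIOS[authenticated_bits])
    return "consistent: " + SCENARIOS[claimed]

# Constructed sample: SSID element (ID 0, "cafe") followed by the hypothetical element.
SAMPLE_ELEMENTS = bytes([0, 4]) + b"cafe" + bytes([HYPOTHETICAL_IE_ID, 1, BIT_ENROLLMENT])
```

A beacon is not integrity protected before association, so a station should treat the decoded scenario as a hint and act on a mismatch reported by `verify_after_auth`.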

Slide 13: Summary for online enrollment cluster

- Proposal addresses R8E1 (required) and R8E4 (optional) of the requirements in the online enrollment cluster
- Battery consumption (G1) and security implications (G2) of the proposal have been analyzed

