EAP-CREDS: Enabling Policy-Oriented Credential Management in Access Networks

It’s Credentials Management, Not Just Onboarding

  • EAP-CREDS cannot be used as a stand-alone method. It must be used as an inner method of any tunneling mechanism that provides secrecy (encryption), server-side authentication and, for devices that already have a set of valid credentials, client-side authentication.
  • EAP-CREDS doesn’t mandate (or provide) a specific protocol for provisioning or managing the device credentials, because it’s meant only to provide EAP messages for encapsulating existing (standard or vendor-specific) protocols. In its first versions, however, EAP-CREDS also incorporated a Simple Provisioning Protocol (SPP) that supported username/password and X.509 certificate management (server-side driven). The SPP has been extracted from the original EAP-CREDS proposal and will be standardized as a separate protocol.
Figure 2 — Two EAP-CREDS sessions. On the left (Figure 2a), the server provisions a server-generated password (4 msgs). On the right (Figure 2b), the client renews its certificate by generating a PKCS#10 request; the server replies with the newly issued certificate (6 msgs).

SPP and EAP-CREDS: Flexibility and Efficiency

Policy-Based Credentials Management

CableLabs
