The 802.1X Supplicant Initiative

By Steve Duplessie
Article Date: 2007-05-17

First let me state that those are words I barely understand, and until recently have never even used the word "supplicant", correctly or otherwise.

Having said that, kudos to Jon Oltsik for seeing a wrong in the world of IT and doing something about it. It turns out that some big guys bought some little guys and because of that, other big guys were about to have to create their own proprietary ways to provide basic security connectivity features for their edge products. No one really cared about giving a few bucks to Funk Software (bought by Juniper) or to Meetinghouse (bought by Cisco), or using Microsoft's implementation when it was all but free, and really, who cares about Funk or Meetinghouse? When Cisco buys one and then Juniper the other, the picture changes. Since other big guys don't want to (a) pay competitors and (b) support the competitive cause, the only way around ending up with another batch of confusing, proprietary IT problems was to get everyone on board with an open source standard. There is no value in having a proprietary way to connect to something, but there are a ton of potential problems with having to do so.

Here are some FAQs from their site, www.openseaalliance.org:

What work is the alliance undertaking?

The initial effort will be to support the development of a robust open-source 802.1X supplicant.

What is 802.1X?

802.1X is an IEEE standard providing port authentication in LANs. It has since been used extensively in 802.11 wireless security and is a part of WPA. It is increasingly seeing use in wired Ethernet environments as well. The 802.1X specification provides an authentication framework enabling endpoint devices to be authenticated by a central authentication service. The 802.1X specification uses the Extensible Authentication Protocol (EAP) for exchanging messages as part of the authentication process.

What is an 802.1X supplicant?

An 802.1X supplicant acts as the client side of a client/server authentication handshake. When an 802.1X supplicant tries to access a network, it is challenged for authentication credentials by an 802.1X authenticator (typically an Ethernet switch or Wireless Access Point). The supplicant and authenticator then exchange authentication credentials over a particular type of EAP (i.e. PEAP, EAP-TLS, EAP-TTLS). When the supplicant provides authentication credentials, the authenticator forwards them on to an authentication server via the RADIUS protocol for verification. If the authentication credentials are valid, the authentication server sends an "accepted" message to the authenticator which then grants network access to the supplicant.

The 802.1X standard has not been widely implemented in wired networks. Why is this?

Like many early standards, 802.1X has had a number of issues with standards implementation, product stability, and lack of user knowledge. As a result, 802.1X implementation is most often associated with wireless network implementation and has not gained a lot of traction in wired LAN environments.

The OpenSEA Alliance believes that it can act as an industry change agent to help overcome these early problems while advancing the technology. The OpenSEA Alliance can help stabilize 802.1X by developing and promoting a robust and widely available open source client. The OpenSEA Alliance also intends to champion 802.1X by becoming a champion for technology advancement and user education.

Is OpenSEA developing an open source 802.1X supplicant from scratch?

No. The initial source code for the project will rely heavily on the existing open-source Xsupplicant from the Open1X Project. The OpenSEA Alliance believes that its preliminary tasks for Open1X's Xsupplicant include supporting Windows XP, developing an easy-to-use GUI, and adding an API for extensibility. Following this extension of functionality, a robust testing effort will be the priority to enable Xsupplicant to become the "Firefox" of 802.1X clients.

Are there commercially available 802.1X supplicants?

Yes. The 3 largest providers of commercially available supplicants are Cisco (who acquired the technology from Meetinghouse), Juniper (who acquired the technology from Funk Software) and Microsoft. OpenSEA hopes to further 802.1X adoption by providing the market with an open-source alternative to these commercial offerings.
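
The supplicant-to-authenticator leg of the handshake described in the FAQ above, as an added example (not code from this article, the OpenSEA Alliance or Xsupplicant): a parser for EAPOL frames, run over a constructed exchange. The MAC addresses, the identity `alice@example.org` and the helper names are made up for illustration; the RADIUS leg to the authentication server is not shown.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                   # EtherType for EAP over LAN
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one untagged Ethernet frame carrying EAPOL; ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL headers")
    ethertype, version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + body_len]
    if len(body) != body_len or (ptype == 0 and body_len < 4):
        raise ValueError("EAPOL body truncated")
    out = {"eapol": EAPOL_TYPES.get(ptype, f"unknown({ptype})"), "version": version}
    if ptype != 0:                      # Start/Logoff/Key carry no EAP packet
        return out
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("EAP length disagrees with EAPOL length")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):                  # only Request/Response have a Type byte
        if eap_len < 5:
            raise ValueError("Request/Response without a Type byte")
        out.update(method=EAP_METHODS.get(body[4], f"type {body[4]}"), data=body[5:eap_len])
    return out

def describe(frame: bytes) -> str:
    """One-line summary of a frame: EAPOL type, EAP code, EAP method."""
    return " ".join(str(v) for k, v in parse_eapol(frame).items() if k in ("eapol", "code", "method"))

def _frame(dst, src, ptype, eap=b""):   # helper that builds the constructed samples
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 2, ptype, len(eap)) + eap
def _eap(code, ident, payload=b""):
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

SUP, AUTH = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # made-up MACs
SAMPLE = [                                              # constructed, not a capture
    _frame(PAE_GROUP, SUP, 1),                          # supplicant announces itself
    _frame(SUP, AUTH, 0, _eap(1, 1, b"\x01")),          # authenticator asks identity
    _frame(PAE_GROUP, SUP, 0, _eap(2, 1, b"\x01alice@example.org")),
    _frame(SUP, AUTH, 0, _eap(1, 2, b"\x19\x20")),      # PEAP (25) with Start flag
    _frame(SUP, AUTH, 0, _eap(3, 9)),                   # relayed server accept
]

if __name__ == "__main__":
    print(*map(describe, SAMPLE), sep="\n")
```

The parser rejects frames whose EAPOL or EAP length fields disagree with the bytes actually present, which is the check that matters when the input comes from an untrusted port.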

Oltsik came up with the idea, baked the program, and by using his brains and market muscle got a bunch of folks to belly up. I'm willing to bet that you will see the rest of the players fall into line with this program chop chop. Monday, the OpenSEA Alliance was announced in order to create an open source standard for "secure edge access" - and doesn't that seem like a dandy idea? Watch how many folks join the bandwagon by next week's Interop show.

This is not the last open source standards initiative ESG will be driving. There are other areas we are exploring where we can help wrangle the cats for the common good of all. We need standard ways of doing the same things that don't add real value, but without standards can cause real problems. I'm hoping we have our next initiative announced in the infrastructure virtualization world in short order.

Nice work, Jonny.


About the Author:
Steve Duplessie is the author of the "Steve's IT Rants" blog, and the founder and Sr. Analyst of the Enterprise Strategy Group.


