Title of invention: IF-MAP provisioning of resources and services
Abstract: A method may include receiving a request from an endpoint to access a network; granting access to the network; and subscribing to an IF-MAP server for updates relating to the endpoint. The method may also include receiving an update pertaining to the endpoint, from the IF-MAP server; and transmitting the update to the endpoint. Additionally, a method may include receiving a request from an endpoint to access a resource in a network; denying the request from the endpoint based on a security policy; and subscribing or querying to an IF-MAP server for IF-MAP data pertaining to the endpoint. The method may also include receiving from the IF-MAP server the IF-MAP data; and publishing, by the device, to the IF-MAP server, IF-MAP data pertaining to the endpoint, where the IF-MAP data includes security policy parameters that comply with the security policy for accessing the resource.
Publication number: US8856909(B1) Publication date: 2014.10.07
Application number: US200912358834 Filing date: 2009.01.23
Applicant: Juniper Networks, Inc. Inventor: Chickering Roger A
Classification: H04L29/06 Main classification: H04L29/06
Agency: Harrity & Harrity, LLP Agent: Harrity & Harrity, LLP
Independent claim: 1. A method performed by a first device, the method comprising: receiving, by the first device, a request from an endpoint to access, via a network associated with the first device, a resource protected by a second device that differs from the first device; authenticating, by the first device and based on the request, the endpoint to obtain first authentication information, the first authentication information enabling the endpoint to access the network; forwarding, by the first device, the first authentication information to the endpoint; determining, by the first device and based on the request, that the endpoint is unauthorized, by the second device, to access the resource; forwarding, by the first device based on determining that the endpoint is unauthorized to access the resource, the first authentication information to a network admission control (NAC) device associated with the network, the NAC device being different from the first device and the second device, the NAC device generating second authentication information based on the first authentication information, and the second authentication information enabling the endpoint to access the resource through the second device; requesting, by the first device and from the NAC device, the second authentication information; receiving, by the first device and from the NAC device, the second authentication information; and transmitting, by the first device, the second authentication information to the endpoint.
Address: Sunnyvale CA US