| 摘要 |
For establishing a MIPv6 security association between the mobile node ( 10 ) roaming in a foreign network ( 20 ) and a home agent ( 36 ) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism lies in the fact that it is transparent to the visited domain ( 20 ), allowing AAA client ( 22 ) and AAAv ( 24 ) to act as mere pass-through agents during the procedure.
|
