Specifications
OmniAccess Reference: AOS-W System Reference
196 Part 031652-00 May 2005
Definitions and Common Abbreviations
Authentication server
An entity that provides an authentication service to an authenticator. This service
determines, from the credentials provided by the supplicant, whether the supplicant
is authorized to access the services provided by the authenticator. Example:
Microsoft IAS is an Authentication Server.
Authenticator
An entity at one end of a point-to-point LAN segment that facilitates authentication
of the entity attached to the other end of that link. Example: Alcatel-6000 is
an 802.1x Authenticator.
Certificates
Certificates are digital documents which are commonly used for authenticating
users and computers and for securing information on open networks. Certificates
bind public keys to the entity that possesses the private key and are digitally
signed by the issuing certification authority (CA).
Certification authority (CA)
A certification authority is an entity which is responsible for establishing and
vouching for the authenticity of public keys belonging to subjects (usually users
or computers) or other certification authorities. Activities of a certification
authority can include binding public keys to distinguished names through signed
certificates, managing certificate serial numbers, and certificate revocation.
EAP
(Extensible Authentication Protocol) is a general protocol for PPP authentication
which supports multiple authentication mechanisms.
EAP-TLS
(EAP-Transport Level Security) is used in certificate-based security environments.
It provides the strongest authentication and key determination method.
EAP-TLS provides mutual authentication, negotiation of the encryption method,
and encrypted key determination between the client and the authenticator.
EAP-TTLS
(EAP-Tunnelled TLS Authentication Protocol) is an EAP protocol that extends
EAP-TLS. In EAP-TLS, a TLS handshake is used to mutually authenticate a client
and server. EAP-TTLS extends this authentication negotiation by using the
secure connection established by the TLS handshake to exchange additional
information between client and server. In EAP-TTLS, the TLS handshake may be
mutual; or it may be one-way, in which only the server is authenticated to the client.