scope:

Overview and Scope

This device template is compliant with the UPnP Device Architecture, Version 1.0.

This service-type enables a UPnP control point to configure and control the parameters pertaining to authentication by an authentication server. The service specifies variables and actions that are used by control points to add, update and delete records used for authentication. This would typically be used for maintaining per-client authentication parameters on a device. This service would support a user/client list with the credentials (password, public key) and the specific access rights on a per-user basis. The service is mainly designed for authentication on a wireless access point (AP) that implements link layer security such as 802.1x. It may be used for other purposes - e.g., to securely store client credentials such as certificates and asymmetric keys for network-layer security protocols.

The working committee has however looked at this service only from the perspective of 802.1x usage and therefore this document makes several references to the 802.1x protocol. This service may be co-located with the access point device that requires the authentication service or located on a different device on the network such as an Internet Gateway Device (IGD). The service was defined to associate WLAN clients and their credentials to bootstrap a secure WLAN in a UPnP technology compliant WLANAccessPointDevice*.

This service is defined as a standalone service and will remain at the component level. Any product that implements a standard device specification will have the option to implement this standard service specification. The product will be tested at certification testing time for this service in addition to being tested to the product's original device type (e.g., WLANAccessPointDevice, InternetGatewayDevice).

* Refer to companion documents defined by the UPnP Internet Gateway working committee for more details on specific devices and services referenced in this document.