The following terms are specific to this document:
authentication: The ability of one entity to determine the identity of another entity.
authentication server: The entity that verifies that a person or thing is who or what it claims to be (typically using a cryptographic protocol) and issues a ticket or token attesting to the validity of the claim. The total set of authentication protocol security support providers (SSPs) that are typically available on a Windows server release.
authenticator: The entity requesting the authentication of a peer.
code page: An ordered set of characters of a specific script in which a numerical index (code-point value) is associated with each character. Code pages are a means of providing support for character sets (1) and keyboard layouts used in different countries. Devices such as the display and keyboard can be configured to use a specific code page and to switch from one code page (such as the United States) to another (such as Portugal) at the user's request.
dictionary attack: A technique for defeating an authentication mechanism by systematically searching through a large number of possibilities to deduce shared secrets.
EAP: See Extensible Authentication Protocol (EAP).
EAP method: An authentication mechanism that integrates with the Extensible Authentication Protocol (EAP); for example, EAP-TLS, Protected EAP v0 (PEAPv0), EAP-MSCHAPv2, and so on.
EAP peer: A network access client that is requesting access to a network using EAP as the
EAP server: The backend authentication server; typically a RADIUS (as specified in [RFC2865]) server.
EAP-CHAP: The Extensible Authentication Protocol for the Microsoft Challenge Handshake Authentication
encryption: In cryptography, the process of obscuring information to make it unreadable without special knowledge.
Extensible Authentication Protocol (EAP): A framework for authentication that is used to provide a pluggable model for adding authentication protocols for use in network access authentication, as specified in [RFC3748].
Group Policy: A mechanism that allows the implementer to specify managed configurations for users and computers in an Active Directory service environment.
master session key: A temporary cryptographic key that is used to derive other cryptographic keys to be used to encrypt and decrypt parts of a session-based protocol.
mutual authentication: A mode in which each party verifies the identity of the other party, as described in [RFC3748] section 7.2.1.
peer: The entity being authenticated by the authenticator.
session: A collection of multimedia senders and receivers and the data streams that flow between them. A multimedia conference is an example of a multimedia session.
SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.