OpenSEA Aims for a More Pervasive 802.1x

IEEE 802.1x promises port-level authentication with security for
both wired and wireless users. But it’s a promise that has not yet
been fully realized on an industry-wide level for a variety of
reasons, among which is the open availability of an
enterprise-class standard client for interfacing with 802.1x

A new consortium called OpenSEA (Open Secure Edge Access) is
hoping to make 802.1x more pervasive by developing an
enterprise-class open source 802.1x supplicant. OpenSEA’s members
include Aruba Networks,
Extreme Networks,
Identity Engines, Infoblox, Symantec,
TippingPoint and Trapeze Networks.

“For 802.1x you have the network infrastructure, which needs to
be 802.1x-capable in your switches, cards and access points,” Sean
Convery, CTO at Identity Engines and OpenSEA board member, told

“And then you also need, in 802.1x jargon, the supplicant, or
client, which allows the end point to connect to the
infrastructure. The organizations that founded OpenSEA all have the
common goal of wanting to promote 802.1x as a technology. Making an
open source supplicant will help that happen.”

Identity Engines makes a network-centric policy server decision
engine that allows network access with consistent policies. Convery
explained that 802.1x is a key technology to allow functionality
for enabling better security, and if 802.1x succeeds, it helps
Identity Engines succeed.

Paul Sangster, chief security standards officer and
distinguished engineer at Symantec, said helping his company
succeed with its network security efforts is why it’s involved with

“The promise of 802.1x providing access time security for
authentication and for network access control offers a lot of
potential and we have products all across the space,” Sangster who
is also an OpenSEA board member said. “Having a reliable base open
source supplicant would help a number of our product offerings
removing a barrier to 802.1x being successful.”

OpenSEA isn’t starting from scratch in its effort, but with the
Open1x open source
supplicant effort
called Xsupplicant. Xsupplicant is a basic
command line Linux based interface but OpenSEA will be extending
the client’s functionality and working on developing a graphical
user interface as well as ports for Microsoft Windows XP and Apple

The new OpenSEA 802.1x supplicant will be dual-licensed under
the BSD (
) and GPL (
) open source licenses, enabling the effort to be used by
both commercial and open source entities.

Among the challenges facing OpenSEA will be trying proving to
people that the solution works as it should. Symantec’s Sangster
noted that a big challenge will be proving to the member companies
that OpenSEA has an enterprise-grade solution that is highly
interoperable on a large number of platforms. Convincing consumers
of the same thing is the other half of the equation.

A big challenge that is often noted by vendors as a barrier to
adoption for 802.1x penetration is hardware pervasiveness. That is
not an issue for Identity Engine’s Convery.

“Every wireless product shipped today will do it, and up and
down the line in the Ethernet switches, 802.1x is being baked into
the products,” Convery said. “So while there is a percentage of
wired infrastructure that is not yet 802.1x-capable I would argue
that most, if not all, wireless infrastructure is.”

The real challenge of 802.1x, Convery continued, is the
education and mind shift required by network administrators.

“The challenge beyond the capital cost of gear is the change to
network operations. Going from an unauthenticated internal network
to a network where you plug in and are authenticated at the port
level is a shift for IT organizations,” Convery said.

“We’re hoping that by seeding the market with this stable open
source common client it will enable IT organizations to then go to
the next phase of actually realizing what an enterprise-wide
rollout of 802.1x looks like.”

Article courtesy of

Add to

Latest Articles

Follow Us On Social Media

Explore More