About the ECP

The EAP Certification Program (ECP) is a new component integrated into the Windows Vista SP1, Windows Server 2008 and Windows 7 logo program that enables Microsoft Logo certification and Windows Update distribution of vendor-manufactured EAPHost components. The primary goal of the program is to help vendors ensure the quality, security and Windows compatibility of their EAPHost components, as well as to facilitate distribution of components and their updates. This is achieved by validating components on the following aspects:

  • Compatibility with Windows OS on x86 and x64 architectures.
  • Security on the local machine, including securing the authenticated credentials.
  • Stress testing to ensure the high performance required for network authentication as well as good performance under low-resource conditions.

What is EAPHost?

EAPHost is the new Extensible Authentication Protocol (EAP) extensibility framework in Windows 7, Windows Vista, Windows Server 2008 R2 and Windows XP SP3 SDK, enabling development of EAP methods and supplicants that provide or consume authentication services from other installed EAPHost components.

It can also be described as a network authentication infrastructure into which different authentication methods can plug. The authentication methods that plug into EAPHost need to implement a set of APIs. EAPHost exposes these APIs, which can be called by the supplicants. Supplicants are the client modules that access and connect to the network and use the EAPHost APIs to get through network authentication.

Further information regarding EAP on Windows, EAPHost and the Windows SDK is available through the following:

  • EAP in Windows
  • EAPHost framework
  • Windows SDK

EAPHost components applicable to this program include the following:

  • EAP Peer Methods – The client-side EAP methods used to authenticate to a network.
  • EAP Peer Tunnelling Methods – The client-side EAP methods used to authenticate to a network which establish an encryption tunnel to facilitate secure information exchange for authentication.
  • EAP Authenticator Methods – The server-side EAP methods used to terminate a network authentication on Microsoft’s RADIUS and Network Policy Server (NPS).
  • EAP Authenticator Tunnelling Methods – The server-side EAP methods used to terminate a network authentication on Microsoft’s RADIUS and Network Policy Server (NPS) which establish an encryption tunnel to facilitate secure information exchange for authentication.
  • Supplicants – Network supplicants with EAP authentication support using EAPHost.

Value Addition and Proposition

The ECP (EAP Certification Program) certifies that EAP Methods and EAP Supplicants meet a pre-determined set of requirements that encompass various functional, interoperability, reliability, security, business and legal dimensions. The goal of these requirements is to provide third parties with the ability to ship their EAP Methods and EAP Supplicants with Windows Operating Systems, while simultaneously ensuring that new EAP Methods and Supplicants meet the customary high expectations that Microsoft customers have of the Windows Operating System.

Consider a typical present-day scenario in which network administrators or users need to deploy a specific supplicant and method so that a client machine can securely access their network. To meet this requirement, IHVs today end up developing both EAP-based authentication methods and supplicants. With ECP, IHVs can focus their development efforts on creating only the secure authentication method, i.e., only their core component. ECP can potentially add value for resolving such issues.

The ECP is implemented as a series of pre-determined stages that occur in sequential order. EAP Methods and Supplicants are submitted to the EAP Certification Program and proceed through each stage. At the successful conclusion of all stages, EAP Methods and Supplicants are included in the Windows Operating System(s) through Windows Update.

Moreover, certifying their components offers authentication method and supplicant developers many other advantages, including:

  • Increased market consumption of your new EAP method, by showing that it is fully Windows compatible and offering it to your customers through Windows Update (WU).
  • Ensured reliability and quality of the certified components.
  • Better mindshare for their core components, which reassures both users and administrators in adopting them.
  • Certified components are made available through Windows Update, thereby removing the deployment blocker for such components.
  • Any future updates to the certified components can be deployed with great ease and discretion.

Furthermore, even if you decide not to go for Windows Update, your components still enjoy greater adoption because of the better mindshare and reliability that certification provides.

ECP Certification

ECP submissions require passing the ECP test requirements in the Windows Logo Kit (WLK) and use the WinQUAL mechanism, like all other Windows Certification Programs. Additional information on the Hardware Logo program requirements and ECP requirements is available through:

Further information on obtaining and using WLK:

Components passing the applicable automated test cases detailed in this document are certified by Microsoft, subject to the Logo and WinQUAL legal agreements active at the time of submission. These agreements are available through the following:

  • Designed For Windows Logo License Agreement V10.0
  • WHQL Testing Agreement V2.1

ECP Certification Blog

For further information on the ECP and how you can participate in the program and get your components certified, please visit the ECP Blog at the following location:

http://blogs.msdn.com/eapteam/default.aspx.

Please feel free to contact me in case you need more information.

Ashish Jain

Program Manager

ashish.jain@microsoft.com