RealTime IT News

OpenSEA Shows Off Open Source 802.1X Client

Interop is often a time when new alliances are announced, though some never amount to anything more than a press release. The OpenSEA (Open Secure Edge Access) alliance, which was announced in May just ahead of the Las Vegas Interop show, is trying to prove that it's more than just a one-shot announcement with its first product release, debuting today ahead of this week's Interop New York 2007.

The group is scheduled to release its Windows-based, open source 802.1X client, known as Xsupplicant. The IEEE 802.1X standard is a port-level authentication approach with security for both wired and wireless users.

The use of a client, or "supplicant," is key to 802.1X operation. Major networking vendors including Cisco, Juniper and others have their own proprietary supplicant, while the goal of OpenSEA is to produce an open source version for Windows.

"OpenSEA has delivered on the first stage of its charter by bringing an easy-to-use 802.1X supplicant to the market," Sean Convery, OpenSEA board member and CTO of Identity Engines, told InternetNews.com.

The release took nearly six months to put together, a delay Convery attributed to what he described as the effort's inherent challenges. OpenSEA's Xupplicant is based on the existing, Linux-only software of the same name.

Beyond just being available for Windows, Convery argued that there is more to the release, with the user interface itself being the most visible and important feature of OpenSEA's Xsupplicant.

"Porting from Linux to Windows is a challenging endeavor, while at the same time [OpenSEA is] enhancing the functionality to include an API and an easy-to-use GUI," Convery said. "The rubber meets the road with 802.1X in configuration and management ... The challenge is supporting the breadth of configuration options that 802.1X allows while giving the user an experience that is intuitive. Xsupplicant has made great strides in this regard."

Though OpenSEA has been focused providing and 802.1X supplicant for Windows, Microsoft actually already provides its own supplicant in Windows XP SP2 as well as in Windows Vista. That fact doesn't dissuade Convery from the merits of the OpenSEA effort.

"802.1X in native OSs remains somewhat challenging to configure, especially when an organization is trying to coordinate 802.1X configuration across numerous desktop OS types," Convery argued.

That fact, along with the benefits of a third-party, standards-compliant open source supplicant, could help the group's effort gain traction.

At least one networking vendor queried by InternetNews.com expressed interest in the OpenSEA effort. In a statement sent to InternetNews.com, Check Point spokesperson Matt Hite said availability of a vendor-neutral 802.1X supplicant would provide more choices for customers contemplating a NAC (network access control) deployment.

"Check Point is committed to delivering and supporting the right solution for each customer, and the open-source supplicant development efforts of the OpenSEA are seemingly aligned with this same goal," Hite said.

Still, OpenSEA faces obstacles. One potential challenge for the group is gaining participation from a wider community. OpenSEA's members include Aruba Networks, Extreme Networks, Identity Engines, Infoblox, Symantec, TippingPoint and Trapeze Networks. Convery expects that total membership will increase in the near future as the supplicant moves toward mainstream release quality.

"As the supplicant gets deployed in more locations, we anticipate that code contributions from the community will also increase," he said.

That could help with what Convery described as the biggest single challenge ahead for OpenSEA: ensuring the supplicant gets adequate testing with various permutations of endpoint hardware and software.

"This is the reason we are engaging the broader community with this announcement," he said. "To the extent that 802.1X adoption increases, with Xsupplicant or another standards-compliant offering, OpenSEA succeeds. Our end goal is to increase awareness and deployment of 802.1X."