Can you please provide me an overview of the EAP Certification Program (ECP)?

EAPHOST in Microsoft Windows platforms contains an implementation of the Extensible Authentication Protocol (EAP), as described primarily by RFC 3748, that allows different authentication methods to plug in (EAP in Windows). EAPHOST is used extensively in a number of different network authentication scenarios. Today, these scenarios include wired/wireless via 802.1X and RAS/VPN via the PPP protocol suite – and sometimes, 3rd parties build their own wireless or PPP supplicants (and EAP implementations) that replace those already provided natively in Windows. The EAPHOST programming model enables 3rd party EAP authentication method authors to implement their methods and integrate them with the native Windows supplicants and with other 3rd party supplicants that use EAPHOST. While Microsoft provides authentication methods like PEAP, EAP-TLS and EAP-MSCHAP v2, Microsoft’s customers are requesting additional in-box EAP method and supplicant support from Windows. The basis for this request is to facilitate new features and to improve network security and interoperability. Moreover, some of Microsoft’s partners and ISVs are requesting the ability to ship their EAP methods and EAP supplicants along with Windows to ease the deployment of their software.

These two needs – Microsoft’s need for improved in-box EAP method/supplicant support for “future-proofing”, and ISVs’/IHVs’ desire to ship their methods and supplicants in-box with Windows – point to a clear solution: a Microsoft Windows EAP Certification Program. ECP helps vendors ensure the quality, security and Windows compatibility of their EAPHOST components, and facilitates distribution of components and their updates. This is achieved by validating components on the following aspects:

  • Compatibility with Windows OS on x86 and x64 architectures.
  • Security in the local machine including securing the authenticated credentials.
  • Compatibility with ECP devices for simple distribution, installation and update.
  • Stress testing to ensure the high performance required for network authentication as well as good performance under low-resource conditions.