LAN Attributes Extension
draft-adrangi-radius-attribute-extenstion-01.txt
IETF #60
Farid Adrangi, Avi Lior, Jouni Korhonen
User Identity Alias Attribute: Problem Space
• The true identity of the subscriber can be hidden from the NAS and from the RADIUS AAA proxies outside the subscriber's home network (i.e., the outer NAI identity is something like anonymous@anyisp.com). This leads to the following concerns:
  • AAA proxies need to correlate an authentication session to a user identity known only to the user's home network. Examples:
    • Fraud detection and protection
    • Revenue assurance
  • The NAS may need to match the user session and its accounting records to a user identity known to the user's home network. Example:
    • Charging disputes
• A unique identity known to the home network therefore needs to be conveyed to all parties involved in the roaming transaction.
User Identity Alias Attribute: Solution Space
• Can we use the existing attributes to solve the problem?
  • Class
    • The content of the Class attribute is intended to be opaque; it is known and interpreted only by the home network
  • User-Name (1) rewrite
    • The User-Name (1) value could be rewritten by the intermediaries
    • Subsequent Accounting-Requests may then fail to route through the intermediary exchanges, because the home network has no knowledge of the NAI decoration the intermediaries applied
• Proposed User Identity Alias attribute
  • Avoids overloading the original purpose of User-Name (1)
  • Eliminates the routing issues caused by NAI decoration
User Identity Alias Attribute: Format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |  String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The User-Identity-Alias types:
  00 – reserved
  01 – IMSI
  02 – NAI
  03 – E.164 number
  04 – SIP URL (as defined in [13])
  05 – Opaque string
The alias type is carried as a two-digit prefix of the String, separated from the identity by a colon. Examples:
  "02:charging-id@realm.org"
  "03:+4689761234"
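An added example (not code from the draft or its authors) showing how a NAS would build this attribute and how a proxy or home server would parse it without trusting the wire: the Length octet, the two-digit alias-type prefix and the identity syntax are all checked before the value is used. The attribute number (USER_IDENTITY_ALIAS_TYPE) is a placeholder because the slide does not assign one, and the per-type syntax patterns are assumptions chosen to be conservative, not rules from the draft.

```python
import re
import struct
from typing import Optional, Tuple

# Attribute number for User-Identity-Alias. The slide does not assign one, so
# this is a placeholder (assumption), not a value taken from the draft.
USER_IDENTITY_ALIAS_TYPE = 0xF0

# Alias-type codes from the slide; 00 is reserved and therefore rejected.
ALIAS_TYPES = {1: "IMSI", 2: "NAI", 3: "E.164", 4: "SIP URL", 5: "Opaque"}

# Syntax checks per alias type. These patterns are assumptions chosen to be
# conservative, not rules from the draft; adjust to local policy.
ALIAS_SYNTAX = {
    1: re.compile(r"^[0-9]{6,15}$"),       # IMSI: digits only, at most 15
    2: re.compile(r"^[^@\s]+@[^@\s]+$"),   # NAI: user@realm, no whitespace
    3: re.compile(r"^\+[0-9]{1,15}$"),     # E.164: '+' and up to 15 digits
    4: re.compile(r"^sips?:\S+$"),         # SIP or SIPS URL
    5: re.compile(r"^.*$", re.DOTALL),     # opaque: any string
}

# RADIUS Length is one octet and covers Type and Length, so at most 253 value octets.
MAX_VALUE_LEN = 253


def encode_user_identity_alias(alias_type: int, identity: str) -> bytes:
    """Build one User-Identity-Alias attribute: Type | Length | "NN:identity"."""
    if alias_type not in ALIAS_TYPES:
        raise ValueError(f"alias type {alias_type:02d} is reserved or unknown")
    if not ALIAS_SYNTAX[alias_type].match(identity):
        raise ValueError(f"{identity!r} is not a well-formed {ALIAS_TYPES[alias_type]}")
    value = f"{alias_type:02d}:{identity}".encode("utf-8")
    if len(value) > MAX_VALUE_LEN:
        raise ValueError("alias does not fit in a single RADIUS attribute")
    return struct.pack("!BB", USER_IDENTITY_ALIAS_TYPE, 2 + len(value)) + value


def decode_user_identity_alias(attr: bytes) -> Tuple[str, str]:
    """Parse one attribute and return (alias type name, identity).

    Every field is checked before use: a proxy or home server must not trust
    the Length octet or the alias-type prefix as received from the wire.
    """
    if len(attr) < 2:
        raise ValueError("attribute too short for Type and Length")
    atype, alen = attr[0], attr[1]
    if atype != USER_IDENTITY_ALIAS_TYPE:
        raise ValueError(f"unexpected attribute type {atype}")
    if alen != len(attr) or alen < 5:           # 2 header octets + "NN:" at minimum
        raise ValueError("Length does not match the attribute data")
    value = attr[2:].decode("utf-8")            # strict decoding: bad UTF-8 raises
    code, sep, identity = value.partition(":")
    if sep != ":" or not re.fullmatch(r"[0-9]{2}", code):
        raise ValueError("missing or malformed alias-type prefix")
    alias_type = int(code)
    if alias_type not in ALIAS_TYPES:
        raise ValueError(f"alias type {code} is reserved or unknown")
    if not ALIAS_SYNTAX[alias_type].match(identity):
        raise ValueError(f"{identity!r} is not a well-formed {ALIAS_TYPES[alias_type]}")
    return ALIAS_TYPES[alias_type], identity


def find_user_identity_alias(attributes: bytes) -> Optional[Tuple[str, str]]:
    """Walk a RADIUS attribute list and return the first alias, or None.

    Offsets are bounds-checked so a forged Length cannot make the walk read
    past the end of the packet.
    """
    off = 0
    while off < len(attributes):
        if len(attributes) - off < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attributes[off], attributes[off + 1]
        if alen < 2 or off + alen > len(attributes):
            raise ValueError("attribute Length runs past the end of the packet")
        if atype == USER_IDENTITY_ALIAS_TYPE:
            return decode_user_identity_alias(attributes[off:off + alen])
        off += alen
    return None


def radius_string_attribute(attr_type: int, value: str) -> bytes:
    """Helper for constructing other string attributes, e.g. User-Name (1)."""
    data = value.encode("utf-8")
    return struct.pack("!BB", attr_type, 2 + len(data)) + data


if __name__ == "__main__":
    # Constructed sample: an Access-Request carrying the anonymous outer NAI in
    # User-Name (1) plus the slide's E.164 example in the alias attribute.
    attrs = radius_string_attribute(1, "anonymous@anyisp.com")
    attrs += encode_user_identity_alias(3, "+4689761234")
    print(find_user_identity_alias(attrs))     # ('E.164', '+4689761234')
```

Note that the parser only establishes that the alias is well-formed; because RADIUS integrity protection is hop-by-hop, the value is only as trustworthy as every proxy between the NAS and the home server.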
Generic RADIUS Application Capability Attribute
• Enables a home RADIUS server to discover the capabilities of a RADIUS client
• The capabilities indicate standards-based applications (e.g., the existing Dynamic Authorization Extensions to RADIUS [5], a future prepaid accounting model, etc.)
Generic RADIUS Application Capability Attribute: Attribute Format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |            Integer
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Integer value: CCCTSSSS (one letter per hexadecimal digit), where
  • CCC is a 12-bit capability identifier
  • T is a 4-bit indicator, used for extending the sub-capability space
  • SSSS is a 16-bit sub-capability identifier
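An added example (not code from the draft or its authors) that packs and unpacks the CCCTSSSS integer with the bit widths given above, wraps it in the 6-octet integer attribute, and shows the home-server side collecting every capability a client advertised. The attribute number (APP_CAPABILITY_TYPE) and the two capability identifiers are placeholders, because the slide assigns neither.

```python
import struct
from typing import List, Optional, Tuple

# Field widths of the CCCTSSSS value from the slide: each letter is one hex digit.
CAP_BITS, T_BITS, SUB_BITS = 12, 4, 16

# Attribute number for the capability attribute. The slide does not assign one,
# so this is a placeholder (assumption).
APP_CAPABILITY_TYPE = 0xF1

# Hypothetical capability identifiers used only for this example; the draft's
# registry is not shown on the slide.
CAP_DYNAMIC_AUTHORIZATION = 0x001   # e.g. the Dynamic Authorization Extensions
CAP_PREPAID = 0x002                 # e.g. a future prepaid accounting model


def pack_capability(cap_id: int, t: int, sub_id: int) -> int:
    """Combine CCC, T and SSSS into one 32-bit integer, refusing out-of-range fields."""
    for name, val, bits in (("CCC", cap_id, CAP_BITS), ("T", t, T_BITS), ("SSSS", sub_id, SUB_BITS)):
        if not 0 <= val < (1 << bits):
            raise ValueError(f"{name}={val:#x} does not fit in {bits} bits")
    return (cap_id << (T_BITS + SUB_BITS)) | (t << SUB_BITS) | sub_id


def unpack_capability(value: int) -> Tuple[int, int, int]:
    """Split a 32-bit CCCTSSSS integer back into (CCC, T, SSSS)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("capability value is not a 32-bit integer")
    cap_id = value >> (T_BITS + SUB_BITS)
    t = (value >> SUB_BITS) & ((1 << T_BITS) - 1)
    sub_id = value & ((1 << SUB_BITS) - 1)
    return cap_id, t, sub_id


def encode_capability_attribute(cap_id: int, t: int, sub_id: int) -> bytes:
    """One attribute: Type | Length (always 6) | 32-bit integer in network byte order."""
    return struct.pack("!BBI", APP_CAPABILITY_TYPE, 6, pack_capability(cap_id, t, sub_id))


def decode_capability_attributes(attributes: bytes) -> List[Tuple[int, int, int]]:
    """Collect every capability advertised in a RADIUS attribute list.

    A client may send the attribute several times (one per capability). The
    walk is bounds-checked, and an integer attribute whose Length is not 6 is
    rejected rather than silently truncated or over-read.
    """
    found = []
    off = 0
    while off < len(attributes):
        if len(attributes) - off < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attributes[off], attributes[off + 1]
        if alen < 2 or off + alen > len(attributes):
            raise ValueError("attribute Length runs past the end of the packet")
        if atype == APP_CAPABILITY_TYPE:
            if alen != 6:
                raise ValueError("capability attribute must carry exactly 4 value octets")
            (value,) = struct.unpack("!I", attributes[off + 2:off + 6])
            found.append(unpack_capability(value))
        off += alen
    return found


def client_supports(attributes: bytes, cap_id: int, sub_id: Optional[int] = None) -> bool:
    """Home-server side: did the NAS advertise this capability (and, if given, sub-capability)?"""
    return any(c == cap_id and (sub_id is None or s == sub_id)
               for c, _t, s in decode_capability_attributes(attributes))


if __name__ == "__main__":
    # Constructed Access-Request attribute list: two capabilities plus a User-Name (1).
    name = b"anonymous@anyisp.com"
    user_name = struct.pack("!BB", 1, 2 + len(name)) + name
    attrs = (encode_capability_attribute(CAP_DYNAMIC_AUTHORIZATION, 0, 0x0001)
             + encode_capability_attribute(CAP_PREPAID, 0, 0x0003) + user_name)
    print(decode_capability_attributes(attrs))                # [(1, 0, 1), (2, 0, 3)]
    print(client_supports(attrs, CAP_DYNAMIC_AUTHORIZATION))  # True
```

The range checks in pack_capability matter on the sending side: a capability identifier that overflows its 12 bits would silently spill into the T and SSSS fields and be read by the home server as a different capability.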
IP Address Type Options Attribute
• Rationale
  • Specifies whether a routable (public) or non-routable (private) IP address should be assigned to a client
• Attribute
  • Used by the Access Network (in an Access-Request) to indicate which IP address type options (private vs. public) the Access Network supports
  • Used by the Home Network (in an Access-Accept) to specify which type of IP address (private or public) must be assigned to the client
More Attributes …
• Mobile IP Home Agent Address
  • Enables a home network to dynamically specify the Home Agent address to be used by the client
• VPLMN (i.e., visited network) Identity Name
  • Enables the VPLMN AAA proxy to convey the VPLMN identity name to the HPLMN (i.e., the home operator network)
  • Required by GSMA
  • A Diameter equivalent of this attribute exists
Next Steps/Plans
• How should we move forward with the draft?