1 / 9

LAN Attributes Extension draft-adrangi-radius-attribute-extenstion-01.txt IETF #60

LAN Attributes Extension draft-adrangi-radius-attribute-extenstion-01.txt IETF #60. Farid Adrangi, Avi Lior, Jouni Korhonen. User Identity Alias Attribute. Problem Space

lcunningham
Download Presentation

LAN Attributes Extension draft-adrangi-radius-attribute-extenstion-01.txt IETF #60

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. LAN Attributes Extensiondraft-adrangi-radius-attribute-extenstion-01.txtIETF #60 Farid Adrangi, Avi Lior, Jouni Korhonen

  2. User Identity Alias Attribute • Problem Space • The true identity of the subscriber can be hidden from the NAS and RADIUS AAA proxies outside the subscriber’s home network (i.e., outer NAI identity = anonymous@ anyisp.com), which leads to the following concerns: • AAA proxies need to correlate an authentication session to a user identity known only by the user’s home network. Examples: • For fraud detection and protection • For revenue assurance • NAS may require to match the user session and accounting records to a user identity known to the user’s home network. Examples: • For Charging dispute A unique identity known by the home network needs to be conveyed to all parties involved in the roaming transaction

  3. User Identity Alias Attribute • Solution Space • Can we use the existing attributes to solve the problem? • Class • The content of class attribute is intended to be opaque; known and interpreted by the home network • UserName(1) Rewrite • UserName(1) value could be rewritten by the intermediaries • Subsequent accounting request may fail to route through the intermediary exchanges due to the lack of decoration knowledge by the home network • Proposed User Identity Alias Attribute • Avoids overloading the original purpose of UserName (1) • Eliminates the routing issues due to NAI decoration

  4. User Identity Alias Attribute Format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The User-Identity Alias types: 00 – reserved 01 – IMSI 02 – NAI 03 – E.164 number 04 – SIP URL (as defined in [13]) 05 – Opaque string Examples: ”02:charging-id@realm.org” ”03:+4689761234”

  5. Generic RADIUS Application Capability Attribute • Enable a home RADIUS server to discover capabilities of a RADIUS client • The capabilities indicate standard-based applications (e.g., existing dynamic authorization Extension to Remote [5], future prepaid accounting model, etc.)

  6. Generic RADIUS Application Capability Attribute Attribute Format +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Integer +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Integer Value CCCTSSSS Where CCC is a 12-bit capability identifier T is a 4-bit indicator, used for extending sub-capabilities space SSSS is a 16-bit sub-capability identifier

  7. IP Address Type Options Attribute • Rationale • Specify whether a routable (public) or non-routable (private) IP address should be assigned to a client. • Attribute • Used by Access Network (in Access-Request) to indicate what IP address type options (private vs. public) are supported by an Access Network • Used by a Home Network (in Access-Accept) to specify what type of IP address (private, public) must be assigned to the client.

  8. More Attributes … • Mobile IP Home Agent Address • Enable a home network to dynamically specify a Home Agent address to be used by the client • VPLMN (i.e., visited network) Identity Name • Enables the VPLMN AAA proxy to convey the VPLMN identity name to the HPLMN (i.e., the home operator network) • Required by GSMA • Diameter equivalent of this attribute exists

  9. Next Steps/Plans • How should we move forward with draft?

More Related