RADIUS EXTensions (radext)


In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       Additional RADEXT Web Page

Last Modified: 2008-04-23

Additional information is available at tools.ietf.org/wg/radext

Chair(s):

  • Bernard Aboba <Bernard_Aboba@hotmail.com>

  • David Nelson <d.b.nelson@comcast.net>

    Operations and Management Area Director(s):

  • Dan Romascanu <dromasca@avaya.com>
  • Ronald Bonica <rbonica@juniper.net>

    Operations and Management Area Advisor:

  • Dan Romascanu <dromasca@avaya.com>

    Technical Advisor(s):

  • Paul Congdon <paul.congdon@hp.com>

    Mailing Lists:

    General Discussion: radiusext@ops.ietf.org
    To Subscribe: radiusext-request@ops.ietf.org
    In Body: subscribe
    Archive: https://ops.ietf.org/lists/radiusext

    Description of Working Group:

    The RADIUS Extensions Working Group will focus on extensions to the
    RADIUS protocol required to enable its use in applications such as IP
    telephony and Local Area Network authentication, authorization and
    accounting.

    The IETF has recently completed work on the Diameter Base protocol. In
    order to support the deployment of Diameter, and enable interoperation
    of heterogeneous RADIUS/Diameter deployments, all RADEXT WG work items
    MUST contain a Diameter compatibility section, outlining how
    interoperability with Diameter will be maintained.

    Furthermore, to ensure backward compatibility with existing RADIUS
    implementations, as well as compatibility between RADIUS and Diameter,
    the following restrictions are imposed on extensions considered by the
    RADEXT WG:

    - All RADIUS work MUST be backward compatible with existing RADIUS
    RFCs, including RFCs 2618-2621, 2865-2869, 3162, 3575, 3576, 3579,
    and 3580.
    - All RADIUS work MUST be compatible with equivalent facilities in
    Diameter. Where possible, new attributes should be defined so that
    the same attribute can be used in both RADIUS and Diameter without
    translation. In other cases a translation considerations
    section should be included in the specification.
    - No new RADIUS transports (e.g. TCP, SCTP) will be defined.
    - No new security mechanisms will be defined for protecting RADIUS.
    - No new commands will be defined.

    Work Items

    The immediate goals of the RADEXT working group are to address the
    following issues:

    - RADIUS design guidelines. This document will provide guidelines for
    design of RADIUS attributes. It will specifically consider how
    complex data types may be introduced in a robust manner, maintaining
    backwards compatibility with existing RADIUS RFCs, across all the
    classes of attributes: Standard, Vendor-Specific and SDO-Specific.
    In addition, it will review RADIUS data types and associated
    backwards compatibility issues.

    - RADIUS implementation issues and fixes. This document will address
    common RADIUS implementation issues and describe proposed solutions.

    - Revised NAI specification. This document, known as "RFC 2486bis",
    will revise the NAI specification to correct known errors,
    add support for privacy and internationalization, and provide
    more details on routing.

    - Pre-paid support. Prepaid services are contemplated in a number
    of potential applications, including wireless LAN access and IP
    telephony. In order to enable support of pre-paid services in
    an interoperable way, the WG will provide definitions of the
    attributes required to support operator service models for
    pre-paid, as documented in liaison communications. This
    document will include within it a specification for interoperation
    with Diameter Credit Control.

    - SIP support. RADIUS is currently used for SIP authentication,
    authorization and accounting. Standardization of these attributes
    will enable improved interoperability.

    This document will be upwards compatible with the Diameter SIP
    application, and conform to existing IETF RFCs on HTTP Digest,
    including RFC 2617, 3261, and 3310.

    - LAN attributes. New attributes have been proposed to enable use of
    authentication, authorization and accounting in wired and
    wireless LANs. Standardization of these attributes will enable
    improved interoperability.

    - RADIUS MIB update. RFC 2618-2621 lack IPv6 compatibility, and modest
    changes are required to address this issue. MIBs for RFC 3576 are
    also needed.

    Goals and Milestones:

    Done  Updates to RFC 2618-2621 RADIUS MIBs submitted for publication
    Done  SIP RADIUS authentication draft submitted as a Proposed Standard RFC
    Done  RFC 2486bis submitted as a Proposed Standard RFC
    Done  RFC 3576 MIBs submitted as an Informational RFC
    Done  RADIUS VLAN and Priority Attributes draft submitted as a Proposed Standard RFC (reduced in scope)
    Jun 2006  RADIUS Design Guidelines and Extended Attributes drafts WGLC
    Jun 2006  WLAN Attributes draft submitted as a Proposed Standard RFC
    Done  RADIUS Implementation Issues and Fixes draft submitted as an Informational RFC
    Oct 2006  RADIUS Design Guidelines submitted as a Best Current Practice RFC
    Oct 2006  RADIUS Extended Attributes submitted as a Proposed Standard RFC (split out from Design Guidelines draft)
    Done  RADIUS Filtering Attributes draft submitted as a Proposed Standard RFC (split out from VLAN & Priority draft)
    Done  RFC 3576bis submitted as an Informational RFC (split out from Issues & Fixes draft)
    Dec 2006  RADIUS Crypto-agility draft (e.g. FIPS 140-2 compliance for RADIUS) submitted as a Proposed Standard RFC (split out from WLAN attributes draft)
    Dec 2006  RADIUS Prepaid draft submitted as a Proposed Standard RFC
    Done  RADIUS Redirection Attributes draft submitted as a Proposed Standard RFC (split out from VLAN & Priority draft)

    Internet-Drafts:

    Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management (42018 bytes)
    RADIUS Design Guidelines (72846 bytes)
    Extended Remote Authentication Dial In User Service (RADIUS) Attributes (26808 bytes)
    Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS) (17068 bytes)

    Request For Comments:

    The Network Access Identifier (RFC 4282) (34421 bytes) obsoletes RFC 2486
    Chargeable User Identity (RFC 4372) (21555 bytes)
    RADIUS Extension for Digest Authentication (RFC 4590) (67181 bytes) obsoleted by RFC 5090
    RADIUS Authentication Client MIB for IPv6 (RFC 4668) (48252 bytes) obsoletes RFC 2618
    RADIUS Authentication Server MIB for IPv6 (RFC 4669) (50525 bytes) obsoletes RFC 2619
    RADIUS Accounting Server MIB for IPv6 (RFC 4671) (47694 bytes) obsoletes RFC 2621
    RADIUS Accounting Client MIB for IPv6 (RFC 4670) (44667 bytes) obsoletes RFC 2620
    RADIUS Dynamic Authorization Client MIB (RFC 4672) (50817 bytes)
    RADIUS Dynamic Authorization Server MIB (RFC 4673) (47635 bytes)
    RADIUS Attributes for Virtual LAN and Priority Support (RFC 4675) (29751 bytes)
    RADIUS Delegated-IPv6-Prefix Attribute (RFC 4818) (12993 bytes)
    RADIUS Filter Rule Attribute (RFC 4849) (18162 bytes)
    Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes (RFC 5080) (64138 bytes) updates RFC 2865, RFC 2866, RFC 2869, RFC 3579
    Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) (RFC 5176) (79541 bytes) obsoletes RFC 3576
    RADIUS Extension for Digest Authentication (RFC 5090) (68299 bytes) obsoletes RFC 4590

    IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.
