Re: [Dime] [HOKEY] DiME ERP: new Application ID or not ?(non-roaming case)

Hi, Hannes:
Thanks for your reply. Please see inline.
-Qin
----- Original Message ----- 
From: "Hannes Tschofenig" <Hannes.Tschofenig at gmx.net>
To: "'Qin Wu'" <sunseawq at huawei.com>; "'Julien Bournelle'" <julien.bournelle at gmail.com>
Cc: "'Glen Zorn'" <glenzorn at comcast.net>; <dime at ietf.org>; <hokey at ietf.org>
Sent: Thursday, March 12, 2009 6:07 PM
Subject: RE: [HOKEY] [Dime] DiME ERP: new Application ID or not ?(non-roaming case)


> Hi Qin, 
> 
>>Hi:
>>If my understanding is correct, the ERP re-authentication with 
>>a AAA server through a Hokey server will happen in the initial 
>>EAP exchange or in the bootstrapping phase.
> 
> If I understood Glen correctly so far then this is not the model. 
> The Diameter (or RADIUS signaling for that matter) messages are not routed
> through the HOKEY server but the AAA entities interact with the HOKEY
> server(s) using some other protocol mechanism. To me that sounded like a
> reasonable approach. 

[Qin]  I agree it is a good way to make AAA entities interact with the Hokey server using an existing mechanism.
Regarding whether the Hokey server can be viewed as a proxy AAA or an independent ER server, I am not sure. Maybe this is what DiME ERP needs to find out or define.

>>e.g., when the peer first enters one visited AAA domain 
>>away from the home AAA server, an initial EAP exchange between the 
>>peer and home AAA server is required.
> 
> Are you talking now about the regular Diameter EAP exchange?

[Qin]  It is not the regular Diameter EAP exchange but ERP for the initial EAP exchange.
Regarding ERP for the initial EAP exchange, please refer to Figure 3 of RFC5296.

>>  However, when the peer 
>>moves between two adjacent authenticators within the same AAA 
>>domain, the ERP re-authentication does not happen with a AAA 
>>server but with a local hokey server, which is an optimized 
>>approach to reduce handoff latency.
> Currently, this is the HOKEY re-authentication exchange. 

[Qin] Your understanding is correct.

> Ciao
> Hannes
> 
>>
>>Best Regards!
>>-Qin
>>----- Original Message -----
>>From: "Hannes Tschofenig" <Hannes.Tschofenig at gmx.net>
>>To: "'Julien Bournelle'" <julien.bournelle at gmail.com>; "'Qin 
>>Wu'" <sunseawq at huawei.com>
>>Cc: "'Glen Zorn'" <glenzorn at comcast.net>; <dime at ietf.org>; 
>><hokey at ietf.org>
>>Sent: Thursday, March 12, 2009 5:13 PM
>>Subject: RE: [HOKEY] [Dime] DiME ERP: new Application ID or 
>>not ?(non-roaming case)
>>
>>
>>> 
>>>> 1/ re-uses full EAP authentication with Diameter EAP
>>> 
>>>> 2/ perform a reauthentication using ERP.
>>> 
>>>> If we use 2/, and we have a new Diameter ERP app-id, a 
>>>>distinct AAA server may be reached. 
>>> 
>>> If I understood Glen correctly from previous conversations 
>>then the Diameter
>>> ERP re-authentication does not happen with a AAA server but 
>>with a HOKEY
>>> server. Hence, I am not sure that there is an issue. 
>>> 
>>> Ciao
>>> Hannes
>>>
>>
>
