2.4.2 Authentication, Authorization and Accounting (aaa)

NOTE: This charter is a snapshot of the 59th IETF Meeting in Seoul, Korea. It may now be out-of-date.

Last Modified: 2004-01-22

Bernard Aboba <aboba@internaut.com>
David Mitton <david@mitton.com>
John Loughney <john.loughney@nokia.com>
Operations and Management Area Director(s):
Bert Wijnen <bwijnen@lucent.com>
David Kessens <david.kessens@nokia.com>
Operations and Management Area Advisor:
Bert Wijnen <bwijnen@lucent.com>
Mailing Lists:
General Discussion: aaa-wg@merit.edu
To Subscribe: majordomo@merit.edu
In Body: subscribe aaa-wg
Archive: http://www.merit.edu/mail.archives/aaa-wg/
Description of Working Group:
The Authentication, Authorization and Accounting Working Group focused on the development of requirements for Authentication, Authorization and Accounting as applied to network access. Requirements were gathered from NASREQ, MOBILE IP, and ROAMOPS Working Groups as well as TIA 45.6. The AAA WG then solicited submission of protocols meeting the requirements, and evaluated the submissions.

This incarnation of the AAA Working Group will focus on development of an IETF Standards track protocol, based on the DIAMETER submission.

In this process, it is to be understood that the IETF does not function as a rubber stamp. It is likely that the protocol will be changed significantly during the process of development.

The immediate goals of the AAA working group are to address the following issues:

- Clarity. The protocol documents should clearly describe the contents of typical messages and the requirements for interoperability.

- Error messages. The protocol should define categories of error messages, enabling implementations to respond correctly based on the category. The set of error messages should cover the full range of operational problems.

- Accounting. The accounting operational model should be described for each type of network access.

- IPv6. The protocol must include attributes in support for IPv6 network access and must be transportable over IPv6.

- Transport. The protocol should be transport independent and must define at least one mandatory-to-implement transport mapping. Other transport mappings may also be defined. All transport mappings must effectively support congestion control.

- Explicit proxy support. The protocol should offer explicit support for proxies, including support for automated message routing, route recording, and (where necessary) path hiding.

- RADIUS compatibility. The protocol should provide improved RADIUS backward compatibility in the case where only RADIUS attributes are used or where RADIUS proxies or servers exist in the path.

- Security. The protocol should define a lightweight data object security model that is implementable on NASes.

- Data model. The proposal should offer logical separation between the protocol and the data model and should support rich data types.

- MIBs. A MIB must be defined, supporting both IPv4 and IPv6 operation.

Goals and Milestones:
Done  Submission of requirements document as an Informational RFC.
Done  Submission of evaluation document as an Informational RFC.
Done  Submission of design team recommendations on protocol improvements.
Done  Incorporation of design team recommendations into protocol submission.
Done  Submission of AAA Transport as a Proposed Standard RFC
Done  Submission of Diameter Base as a Proposed Standard RFC
Done  Submission of Diameter NASREQ as a Proposed Standard RFC
Apr 04  Submission of Diameter EAP as a Proposed Standard RFC
Apr 04  Submission of Diameter Credit Control as a Proposed Standard RFC
Apr 04  Submission of Diameter SIP application as a Proposed Standard RFC
  • - draft-ietf-mobileip-reg-tunnel-08.txt
  • - draft-ietf-aaa-diameter-mobileip-16.txt
  • - draft-ietf-aaa-diameter-nasreq-14.txt
  • - draft-ietf-aaa-eap-04.txt
  • - draft-ietf-aaa-diameter-cc-03.txt
  • - draft-ietf-aaa-diameter-sip-app-01.txt
  • Request For Comments:
    RFC2924 I Accounting Attributes and Record Formats
    RFC2975 I Introduction to Accounting Management
    RFC2989 I Criteria for Evaluating AAA Protocols for Network Access
    RFC3127 I Authentication, Authorization, and Accounting:Protocol Evaluation
    RFC3539 PS Authentication, Authorization and Accounting (AAA) Transport Profile
    RFC3588 PS Diameter Base Protocol

    Current Meeting Report

    noneAAA WG Minutes:
    AAA WG met once at IETF 59. The status of the following WG drafts were 
            Diameter Network Access Server Application 
            Diameter Extensible Authentication Protocol Application 
            Diameter Mobile IP Application
            Diameter Credit Control Application 
            Diameter SIP application 
    The current status of the working group is that the Diameter NASREQ, 
    Diameter EAP and Diameter Credit Control are in WG Last Call, and should be 
    ready to be sent to the AD upon revision.  
    John Loughney presented the current status of the Diameter NAS 
    application.  There are a few remaining issues open.  If the author does not 
    get suggested text how to clear the issues, the issues will be 
    Pasi Eronen presented the current status of the Diameter EAP 
    application.  There are a few open issues.  The chairs request that 
    everyone review the document and send issues during WG last call.
    MIPv6 Application has 2 discusses from IESG review.  The main open issue is 
    the use of symetric keys. The authors discussed the issues with Russ 
    Housley after the meeting & will write-up an explaination about why 
    symetric keys are OK with this application. This should clear the 
    John Loughney presetned the Diameter Credit Control.  Open issues can be 
    found here: 
    -ietf-aaa-diameter-cc/index.  After the WGLC is complete, the authors will 
    update the doucment.
    Miquel Garcia presented the Diameter SIP application, and the open 
    issues.  The authors will update the document and it should be ready for 
    WGLC afterwards.
    Miquel Garcia presented a short draft on the AAA URI.  It was agreed that 
    there is a bug in the Diameter Base Spec wrt to the AAA URI. This draft 
    will update RFC3588.  It was agreed to make this a WG draft.  
    Jari Arkko presented RFC2486-bis (Network Access Identifier). The chairs & 
    ADs should discuss what to do with this draft.  In the meantime, it will be 
    discussed on the AAA WG.  With any luck, the WG may be able to wrap up 
    before IETF 60.


    Diameter NASReq Application Status
    Mobile IPv4 - Diameter Draft Status
    Diameter EAP Application
    Diameter Credit Control Application
    Diameter SIP application
    AAA and AAAS URI