IETF-92 Proceedings
Introduction | Area, Working Goup & BoF Reports | Plenaries | Training | Internet Research Task Force
Additional information is available at tools.ietf.org/wg/radext
Chair(s):Operations and Management Area Area Director(s):Assigned Area Director |
The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol required to expand and enrich the standard attribute
space, address cryptographic algorithm agility, use of new secure
transports and clarify its usage and definition.
In order to maintain interoperation of heterogeneous RADIUS/Diameter
deployments, all RADEXT WG work items except those that just define new
attributes MUST contain a Diameter compatibility section, outlining how
interoperability with Diameter will be maintained.
Furthermore, to ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
the following restrictions are imposed on extensions considered by the
RADEXT WG:
- All documents produced MUST specify means of interoperation with
legacy RADIUS and, if possible, be backward compatible with existing
RADIUS RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580,
4668-4673,4675, 5080, 5090, 5176 and 6158. Transport profiles should, if
possible, be compatible with RFC 3539.
Work Items
The immediate goals of the RADEXT working group are to address the
following issues:
- RADIUS attribute space extension. The standard RADIUS attribute space
is currently being depleted. This document will provide additional
standard attribute space, while maintaining backward compatibility with
existing attributes.
- IEEE 802 attributes. New attributes have been proposed to support IEEE
802 standards for wired and wireless LANs. This work item will support
authentication, authorization and accounting attributes needed by IEEE
802 groups including IEEE 802.1, IEEE 802.11 and IEEE 802.16.
- New RADIUS transports. A reliable transport profile for RADIUS will be
developed, as well as specifications for Secure transports, including
TCP/TLS (RADSEC) and UDP/DTLS.
- Update and clarification of Network Access Identifiers (RFC4282). This
work item will correct and clarify issues present with RFC4282 in two
phases. In first phase, RFC4282bis will be issued to eliminate
fundamental incompatibilities with RADIUS around character encoding and
NAI modifications by proxies. In second phase, a fresh review of NAI
internationalization requirements and behavior will be undertaken with a
clear goal of maintaining compatibility with RADIUS.
- Fragmentation of RADIUS packets to support exchanges exceeding the
existing 4KB limit imposed by RFC 2865.