| < draft-ietf-dime-group-signaling-03.txt | draft-ietf-dime-group-signaling-04.txt > | |||
|---|---|---|---|---|
| Diameter Maintenance and M. Jones | Diameter Maintenance and Extensions (DIME) M. Jones | |||
| Extensions (DIME) M. Liebsch | Internet-Draft | |||
| Internet-Draft L. Morand | Intended status: Standards Track M. Liebsch | |||
| Intended status: Standards Track February 15, 2014 | Expires: January 5, 2015 | |||
| Expires: August 19, 2014 | L. Morand | |||
| July 4, 2014 | ||||
| Diameter Group Signaling | Diameter Group Signaling | |||
| draft-ietf-dime-group-signaling-03.txt | draft-ietf-dime-group-signaling-04.txt | |||
| Abstract | Abstract | |||
| In large network deployments, a single Diameter peer can support over | In large network deployments, a single Diameter peer can support over | |||
| a million concurrent Diameter sessions. Recent use cases have | a million concurrent Diameter sessions. Recent use cases have | |||
| revealed the need for Diameter peers to apply the same operation to a | revealed the need for Diameter peers to apply the same operation to a | |||
| large group of Diameter sessions concurrently. The Diameter base | large group of Diameter sessions concurrently. The Diameter base | |||
| protocol commands operate on a single session so these use cases | protocol commands operate on a single session so these use cases | |||
| could result in many thousands of command exchanges to enforce the | could result in many thousands of command exchanges to enforce the | |||
| same operation on each session in the group. In order to reduce | same operation on each session in the group. In order to reduce | |||
| signaling, it would be desirable to enable bulk operations on all (or | signaling, it would be desirable to enable bulk operations on all (or | |||
| part of) the sessions managed by a Diameter peer using a single or a | part of) the sessions managed by a Diameter peer using a single or a | |||
| few command exchanges. This document specifies the Diameter protocol | few command exchanges. This document specifies the Diameter protocol | |||
| extensions to achieve this signaling optimization. | extensions to achieve this signaling optimization. | |||
| Status of this Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 19, 2014. | This Internet-Draft will expire on January 5, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 6 | 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.1. Building and Modifying Session Groups . . . . . . . . . . 6 | 3.1. Building and Modifying Session Groups . . . . . . . . . . 4 | |||
| 3.2. Issuing Group Commands . . . . . . . . . . . . . . . . . . 6 | 3.2. Issuing Group Commands . . . . . . . . . . . . . . . . . 4 | |||
| 3.3. Permission Model . . . . . . . . . . . . . . . . . . . . . 7 | 3.3. Permission Considerations . . . . . . . . . . . . . . . . 4 | |||
| 4. Protocol Description . . . . . . . . . . . . . . . . . . . . . 8 | 4. Protocol Description . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. Session Grouping . . . . . . . . . . . . . . . . . . . . . 8 | 4.1. Session Grouping . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1.1. Group assignment at session initiation . . . . . . . . 8 | 4.1.1. Group assignment at session initiation . . . . . . . 7 | |||
| 4.1.2. Removing a session from a session group . . . . . . . 10 | 4.1.2. Removing a session from a session group . . . . . . . 8 | |||
| 4.1.3. Mid-session group assignment modifications . . . . . . 11 | 4.1.3. Mid-session group assignment modifications . . . . . 9 | |||
| 4.2. Session Grouping Capability Discovery . . . . . . . . . . 12 | 4.2. Session Grouping Capability Discovery . . . . . . . . . . 10 | |||
| 4.2.1. Implicit Capability Discovery . . . . . . . . . . . . 12 | 4.2.1. Explicit Capability Discovery . . . . . . . . . . . . 10 | |||
| 4.2.2. Explicit Capability Discovery . . . . . . . . . . . . 12 | 4.2.2. Implicit Capability Discovery . . . . . . . . . . . . 11 | |||
| 4.3. Releasing a Session Group Identifier . . . . . . . . . . . 12 | 4.3. Deleting a Session Group . . . . . . . . . . . . . . . . 11 | |||
| 4.4. Performing Group Operations . . . . . . . . . . . . . . . 13 | 4.4. Performing Group Operations . . . . . . . . . . . . . . . 11 | |||
| 4.4.1. Sending Group Commands . . . . . . . . . . . . . . . . 13 | 4.4.1. Sending Group Commands . . . . . . . . . . . . . . . 11 | |||
| 4.4.2. Receiving Group Commands . . . . . . . . . . . . . . . 13 | 4.4.2. Receiving Group Commands . . . . . . . . . . . . . . 12 | |||
| 4.4.3. Error Handling for Group Commands . . . . . . . . . . 14 | 4.4.3. Error Handling for Group Commands . . . . . . . . . . 12 | |||
| 4.4.4. Single-Session Fallback . . . . . . . . . . . . . . . 14 | 4.4.4. Single-Session Fallback . . . . . . . . . . . . . . . 13 | |||
| 5. Operation with Proxies Agents . . . . . . . . . . . . . . . . 15 | 5. Operation with Proxies Agents . . . . . . . . . . . . . . . . 13 | |||
| 6. Commands Formatting . . . . . . . . . . . . . . . . . . . . . 16 | 6. Commands Formatting . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 6.1. Formatting Example: Group Re-Auth-Request . . . . . . . . 16 | 6.1. Formatting Example: Group Re-Auth-Request . . . . . . . . 14 | |||
| 7. Attribute-Value-Pairs (AVP) . . . . . . . . . . . . . . . . . 17 | 7. Attribute-Value-Pairs (AVP) . . . . . . . . . . . . . . . . . 14 | |||
| 7.1. Session-Group-Info AVP . . . . . . . . . . . . . . . . . . 17 | 7.1. Session-Group-Info AVP . . . . . . . . . . . . . . . . . 15 | |||
| 7.2. Session-Group-Feature-Vector AVP . . . . . . . . . . . . . 17 | 7.2. Session-Group-Control-Vector AVP . . . . . . . . . . . . 15 | |||
| 7.3. Session-Group-Id AVP . . . . . . . . . . . . . . . . . . . 18 | 7.3. Session-Group-Id AVP . . . . . . . . . . . . . . . . . . 16 | |||
| 7.4. Session-Group-Action AVP . . . . . . . . . . . . . . . . . 18 | 7.4. Group-Response-Action AVP . . . . . . . . . . . . . . . . 16 | |||
| 8. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . . 19 | 7.5. Session-Group-Capability-Vector AVP . . . . . . . . . . . 17 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 | 8. Result-Code AVP Values . . . . . . . . . . . . . . . . . . . 17 | |||
| 9.1. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 20 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 21 | 9.1. AVP Codes . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | |||
| 12. Normative References . . . . . . . . . . . . . . . . . . . . . 23 | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 12. Normative References . . . . . . . . . . . . . . . . . . . . 18 | ||||
| Appendix A. Session Management -- Exemplary Session State | Appendix A. Session Management -- Exemplary Session State | |||
| Machines . . . . . . . . . . . . . . . . . . . . . . 24 | Machines . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| A.1. Authorization Session State Machine . . . . . . . . . . . 24 | A.1. Authorization Session State Machine . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 | ||||
| 1. Introduction | 1. Introduction | |||
| In large network deployments, a single Diameter peer can support over | In large network deployments, a single Diameter peer can support over | |||
| a million concurrent Diameter sessions. Recent use cases have | a million concurrent Diameter sessions. Recent use cases have | |||
| revealed the need for Diameter peers to apply the same operation to a | revealed the need for Diameter peers to apply the same operation to a | |||
| large group of Diameter sessions concurrently. For example, a policy | large group of Diameter sessions concurrently. For example, a policy | |||
| decision point may need to modify the authorized quality of service | decision point may need to modify the authorized quality of service | |||
| for all active users having the same type of subscription. The | for all active users having the same type of subscription. The | |||
| Diameter base protocol commands operate on a single session so these | Diameter base protocol commands operate on a single session so these | |||
| skipping to change at page 4, line 33 ¶ | skipping to change at page 3, line 36 ¶ | |||
| sessions. This document does not define a new Diameter application. | sessions. This document does not define a new Diameter application. | |||
| Instead it defines mechanisms, commands and AVPs that may be used by | Instead it defines mechanisms, commands and AVPs that may be used by | |||
| any Diameter application that requires management of groups of | any Diameter application that requires management of groups of | |||
| sessions. | sessions. | |||
| These mechanisms take the following design goals and features into | These mechanisms take the following design goals and features into | |||
| account: | account: | |||
| o Minimal impact to existing applications | o Minimal impact to existing applications | |||
| o Extension of existing commands' CCF with optional AVPs to enable | o Extension of existing commands' Command Code Format (CCF) with | |||
| grouping and group operations | optional AVPs to enable grouping and group operations | |||
| o Fallback to single session operation | o Fallback to single session operation | |||
| o Implicit discovery of capability to support grouping and group | o Implicit discovery of capability to support grouping and group | |||
| operations | operations in case no external mechanism is available to discover a | |||
| Diameter peer's capability to support session grouping and session | ||||
| group operations. | ||||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| This document uses terminology defined [RFC6733]. | This document uses terminology defined [RFC6733]. | |||
| 3. Protocol Overview | 3. Protocol Overview | |||
| 3.1. Building and Modifying Session Groups | 3.1. Building and Modifying Session Groups | |||
| Client and Server can add a new Diameter session to a group, e.g. in | Client and Server can assign a new Diameter session to a group, e.g. | |||
| case the subscription profile of the associated user has similar | in case the subscription profile of the associated user has similar | |||
| characteristics as the profile of other users whose Diameter session | characteristics as the profile of other users whose Diameter session | |||
| has been added to one or multiple groups. Such similarities can be | has been assigned to one or multiple groups. A single command can be | |||
| for example maximum bandwidth bounds of each user in the a group. | issued and applied to all sessions associated with such group(s), | |||
| These users may share resources of, e.g., an access multiplexer, | e.g. to adjust common profile or policy settings. | |||
| together with other users. Runtime adjustments in the granted | ||||
| bandwidth bounds or other Quality of Service related attributes can | ||||
| be accomplished for the whole group by identifying the group in the | ||||
| Diameter group command. | ||||
| In case a user's subscription profile changes during runtime, either | The assignment of a Diameter session to a group can be changed mid- | |||
| node, a Diameter Server or Diameter client, may decide to remove this | session. For example, if a user's subscription profile changes mid- | |||
| user's Diameter session from the session group. The user's Diameter | session, a Diameter peer may remove the session from its current | |||
| session can be assigned to a different group, whose adjusted profile | group and assign the session to a different group that is more | |||
| matches the one of the different group. Both groups, the user's | appropriate for the new subscription profile. | |||
| previous group and its new group, will be modified mid-session. | ||||
| In case of mobile users, a change in the node implementing the | In case of mobile users, the user's session may get transferred to a | |||
| Diameter client can happen, which has impact to a group of sessions a | new Diameter client during handover and assigned to a different | |||
| particular pair of Diameter client and server has in common. Due to | group, which is maintained at the new Diameter client, mid-session. | |||
| mobility, the mobile user's session may get transferred to a new | ||||
| Diameter client during runtime without mandating from-scratch | A session group, which has sessions assigned, can be deleted, e.g. | |||
| authorization. Such scenario necessitates mid-session modification. | due to a change in multiple users' subscription profile so that the | |||
| group's assigned sessions do not share certain characteristics | ||||
| anymore. Deletion of such group requires subsequent individual | ||||
| treatment of each of the assigned sessions. A peer may decide to | ||||
| assign some of these sessions to any other existing or new group. | ||||
| 3.2. Issuing Group Commands | 3.2. Issuing Group Commands | |||
| A policy decision point may decide to terminate a group of sessions, | Changes in the network condition may result in the Diameter server's | |||
| e.g. based on previous agreement for temporary authorization to | decision to close all sessions in a given group. The server issues a | |||
| access a system. All Diameter sessions of associated users with such | single Session Termination Request (STR) command , identifying the | |||
| temporarily granted access will be added to a single Diameter session | group of sessions which are to be terminated. The Diameter client | |||
| group. After the time limit for the temporary authorization has been | treats the STR as group command and initiates termination of all | |||
| reached, the policy decision point can issue a single Session | sessions associated with the identified group. Subsequently, the | |||
| Termination Request (STR) to the policy enforcement point. The STR | client confirms successful termination of these sessions to the | |||
| command identifies the group of Diameter sessions which are to be | server by sending a single Session Termination Answer (STA) command, | |||
| terminated. The policy enforcement point treats the STR as group | which includes the identifier of the group. | |||
| command and initiates termination of all sessions in the group. | ||||
| Subsequently, the policy enforcement point confirms successful | ||||
| termination of these sessions to the policy decision point by sending | ||||
| a single Session Termination Answer (STA) command which includes the | ||||
| identifier of the group. | ||||
| 3.3. Permission Model | 3.3. Permission Considerations | |||
| A permission model in the context of this draft defines the | Permission considerations in the context of this draft apply to the | |||
| permission of Diameter nodes to build new session groups, to add/ | permission of Diameter nodes to build new session groups, to assign/ | |||
| remove a session to/from a session group and to delete an existing | remove a session to/from a session group and to delete an existing | |||
| session group. | session group. | |||
| This specification follows the most flexible model where both, a | This specification follows the most flexible model where both, a | |||
| Diameter client and a Diameter server can build a new group and | Diameter client and a Diameter server can create a new group and | |||
| assign a new identifier to that session group. When a Diameter node | assign a new identifier to that session group. When a Diameter node | |||
| decides to issue a new session group, e.g. to group all sessions | decides to create a new session group, e.g. to group all sessions | |||
| which share certain characteristics, the node must identify itself in | which share certain characteristics, the node builds a session group | |||
| the DiameterIdentity element of the session group identifier | identifier according to the rules described in Section 7.3) and | |||
| (Section 7.3) as owner of the group. The permission model as per | becomes the owner of the group. This specification does not | |||
| this specification solely constrains the permission to close a | constrain the permission to add or remove a session to/from a session | |||
| session group and release the associated identifier to the group | group to the group owner, instead each peer can add a session to any | |||
| owner. | known group or remove a session from a group. A session group is | |||
| deleted and its identifier released after the last session has been | ||||
| removed from the session group. Also the modification of groups in | ||||
| terms of moving a session from one session group to a different | ||||
| session group is permitted to any Diameter node. A Diameter peer can | ||||
| delete a session group and its group identifier mid-session, | ||||
| resulting in individual treatment of the sessions which have been | ||||
| previously assigned to the deleted group. | ||||
| Irrespective of the group ownership, as per this specification any | The enforcement of more constrained permissions is left to the | |||
| Diameter node has the permission to add/remove a session to/from an | specification of a particular group signaling enabled Diameter | |||
| existing session group. Also the modification of groups in terms of | application and compliant implementations of such application must | |||
| moving a session from one session group to a different session group | enforce the associated permission model. Details about enforcing a | |||
| is permitted to any Diameter node. The enforcement of a more | more constraint permission model are out of scope of this | |||
| constrained model is left to the application and implementation, | ||||
| which must then ensure that relevant Diameter nodes have the same | ||||
| view of the permission model, either through administrative | ||||
| configuration or protocol-based capability discovery. Details about | ||||
| enforcing a more constraint permission model are out of scope of this | ||||
| specification. For example, a more constrained model could require | specification. For example, a more constrained model could require | |||
| that a client MUST NOT remove a session from a group which is owned | that a client MUST NOT remove a session from a group which is owned | |||
| by the server. | by the server. | |||
| The following table depicts the permission considerations as per the | ||||
| present specification: | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Operation | Server | Client | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Create a new Session Group (peer becomes | X | X | | ||||
| | the group owner) | | | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Assign a Session to an owned Session Group | X | X | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Assign a Session to a non-owned Session Group | X | X | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Remove a Session from an owned Session Group | X | X | | ||||
| +-------------------------------------------------+-----------------+ | ||||
| | Remove a Session from a non-owned Session Group | X | X | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Remove a Session from a Session Group where the | X | X | | ||||
| | peer created the assignment | | | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Remove a Session from a Session Group where the | | | | ||||
| | peer did not create the assignment | | | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Overrule a peer's group assignment *) | | | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Delete a Session Group owned by the peer | X | X | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| | Delete a Session Group not owned by the peer | | | | ||||
| +-------------------------------------------------+--------+--------+ | ||||
| Default Permission as per this Specification | ||||
| *) Editors' note: The protocol specification in this document does | ||||
| not consider overruling a peer's assignment of a session to a session | ||||
| group. Group signaling enabled applications may take such protocol | ||||
| support and associated protocol semantics into account in their | ||||
| specification. | ||||
| 4. Protocol Description | 4. Protocol Description | |||
| 4.1. Session Grouping | 4.1. Session Grouping | |||
| Either Diameter peer can initiate assigning a session to a single or | Either Diameter peer can initiate the assignment of a session to a | |||
| multiple session groups. Modification of a group by removing or | single or multiple session groups. Modification of a group by | |||
| adding a single or multiple user sessions can be initiated and | removing or adding a single or multiple user sessions can be | |||
| performed at runtime by either Diameter peer. Diameter AAA | initiated and performed mid-session by either Diameter peer. | |||
| applications typically assign client and server roles to the Diameter | Diameter AAA applications typically assign client and server roles to | |||
| peers, which are referred to as relevant Diameter peers to utilize | the Diameter peers, which are referred to as relevant Diameter peers | |||
| session grouping and issue group commands. Section 5 describes | to utilize session grouping and issue group commands. Section 5 | |||
| particularities about session grouping and performing group commands | describes particularities about session grouping and performing group | |||
| when relay agents or proxies are deployed. | commands when relay agents or proxies are deployed. | |||
| Diameter peers, which are group-aware, must store and maintain a list | Diameter peers, which are group-aware, must store and maintain an | |||
| of all session groups to which at least one session, for which the | entry about the group assignment together with a session's state. A | |||
| peer holds a state, is assigned. Along with the group's Session-Id, | list of all known session groups should be locally maintained on each | |||
| a list of Diameter sessions, which are assigned to the group, must be | peer, each group pointing to individual sessions being assigned to | |||
| stored. This specification assumes that a session group is built and | the group. A peer must also keep a record about sessions, which have | |||
| handled between pairs of Diameter nodes. Clients and servers MUST | been assigned to a session group by that peer. | |||
| maintain Diameter state of individual sessions grouped in a session | ||||
| group. | ||||
| 4.1.1. Group assignment at session initiation | 4.1.1. Group assignment at session initiation | |||
| To assign a session to a group at session initiation, a Diameter | To assign a session to a group at session initiation, a Diameter | |||
| client sends a service specific request, e.g. NASREQ AAR [RFC4005], | client sends a service specific request, e.g. NASREQ AAR [RFC4005], | |||
| containing one or more group identifiers. A Diameter client as | containing one or more group identifiers. Each of these groups need | |||
| sender of a command for session initiation can determine one or | to be identified by a unique Session-Group-Id contained in a separate | |||
| multiple groups to which the new session should be assigned. Each of | Session-Group-Info AVP as specified in Section 7. | |||
| these groups need to be identified by a unique Session-Group-Id | ||||
| contained in a separate Session-Group-Info AVP as specified in | ||||
| Section 7. | ||||
| The client may choose one or multiple sessions from a list of | The client may choose one or multiple sessions from a list of | |||
| existing session groups, irrespective of the group ownership. | existing session groups. Alternatively, the client may decide to | |||
| Alternatively, the client may decide to create a new group and | create a new group and identify itself in the DiameterIdentity | |||
| identify itself in the DiameterIdentity element of the | element of the Group-Session-Id AVP as per Section 7.3 | |||
| Group-Session-Id AVP as per Section 7.3 | ||||
| The client MUST set the SESSION_GROUP_ALLOCATION_ACTION of the | The client MUST set the SESSION_GROUP_ALLOCATION_ACTION of the | |||
| Session-Group-Feature-Vector AVP in each appended Session-Group-Info | Session-Group-Control-Vector AVP in each appended Session-Group-Info | |||
| AVP to indicate that the identified session should be added to the | AVP to indicate that the identified session should be assigned to the | |||
| identified session group. | identified session group. | |||
| If the Diameter server receives a command request from a Diameter | If the Diameter server receives a command request from a Diameter | |||
| client and the command comprises at least one Session-Group-Info AVP | client and the command comprises at least one Session-Group-Info AVP | |||
| having the SESSION_GROUP_ALLOCATION_ACTION flag of the Session-Group- | having the SESSION_GROUP_ALLOCATION_ACTION flag of the Session-Group- | |||
| Feature-Vector AVP set, the server must add the new session to each | Control-Vector AVP set, the server must assign the new session to | |||
| of the one or multiple identified session groups. In case one or | each of the one or multiple identified session groups. In case one | |||
| multiple identified session groups are not know to the server, the | or multiple identified session groups are not know to the server, the | |||
| server must add the one or multiple new groups to its locally | server must add the one or multiple new groups to its local list of | |||
| maintained list of session groups. When sending the response to the | known session groups. When sending the response to the client, e.g. | |||
| client, e.g. a service-specific auth response as per NASREQ AAA | a service-specific auth response as per NASREQ AAA [RFC4005], the | |||
| [RFC4005], the server must include all Session-Group-Info AVPs as | server must include all Session-Group-Info AVPs as received in the | |||
| received in the client's request. | client's request. | |||
| In addition to the one or multiple session groups identified in the | In addition to the one or multiple session groups identified in the | |||
| client's request, the server may decide to add the new session to one | client's request, the server may decide to assign the new session to | |||
| or multiple additional groups. In such case, the server add to the | one or multiple additional groups. In such case, the server adds to | |||
| response additional Session-Group-Info AVPs, each identifying a | the response additional Session-Group-Info AVPs, each identifying a | |||
| session group, to which the server has assigned the new session. | session group, to which the server has assigned the new session. | |||
| Each of the Session-Group-Info AVP added by the server, the | Each of the Session-Group-Info AVP added by the server must have the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag of the Session-Group-Feature- | SESSION_GROUP_ALLOCATION_ACTION flag of the Session-Group-Control- | |||
| Vector AVP must be set. | Vector AVP set. | |||
| If the Diameter server receives a command for session initiation from | ||||
| a Diameter client and the command comprises at least one Session- | ||||
| Group-Info AVP, but the one or multiple Session-Group-Info AVP do not | ||||
| identify any session group to which the session should be assigned, | ||||
| the server may assign the new session to one or multiple session | ||||
| groups. Each session group, to which the server assigns the new | ||||
| session, must be identified in a separate Session-Group-Info AVP | ||||
| having the SESSION_GROUP_ALLOCATION_ACTION flag of the associated | ||||
| Session-Group-Vector AVP set. | ||||
| If the Diameter client receives a response to its previously issued | If the Diameter client receives a response to its previously issued | |||
| request from the server and the response comprises at least one | request from the server and the response comprises at least one | |||
| Session-Group-Info AVP having the SESSION_GROUP_ALLOCATION_ACTION | Session-Group-Info AVP having the SESSION_GROUP_ALLOCATION_ACTION | |||
| flag of the associated Session-Group-Feature-Vector AVP set, the | flag of the associated Session-Group-Control-Vector AVP set, the | |||
| client must add the new session to all session groups as identified | client must add the new session to all session groups as identified | |||
| in the one or multiple Session-Group-Info AVPs. | in the one or multiple Session-Group-Info AVPs. | |||
| A Diameter server receiving a command for session initiation which | A Diameter server receiving a command for session initiation which | |||
| includes at least one Session-Group-Info AVP but the server does not | includes at least one Session-Group-Info AVP but the server does not | |||
| understand the semantics of this optional AVP because it does not | understand the semantics of this optional AVP because it does not | |||
| support group operations according to the specification in this | support group operations according to the specification in this | |||
| document, MUST ignore the optional group operations specific AVPs and | document, MUST ignore the optional group operations specific AVPs and | |||
| proceed with processing the command for a single session. | proceed with processing the command for a single session. | |||
| skipping to change at page 10, line 13 ¶ | skipping to change at page 8, line 34 ¶ | |||
| remember that the server is not able to perform group operations. | remember that the server is not able to perform group operations. | |||
| 4.1.2. Removing a session from a session group | 4.1.2. Removing a session from a session group | |||
| When a Diameter client decides to remove a session from a particular | When a Diameter client decides to remove a session from a particular | |||
| session group, the client sends a service-specific re-authorization | session group, the client sends a service-specific re-authorization | |||
| request to the server and adds one Session-Group-Info AVP to the | request to the server and adds one Session-Group-Info AVP to the | |||
| request for each session group, from which the client wants to remove | request for each session group, from which the client wants to remove | |||
| the session. The session, which is to be removed from a group, is | the session. The session, which is to be removed from a group, is | |||
| identified in the Session-Id AVP of the command request. The | identified in the Session-Id AVP of the command request. The | |||
| SESSION_GROUP_ALLOCATION_ACTION flag of the Session-Group-Feature- | SESSION_GROUP_ALLOCATION_ACTION flag of the Session-Group-Control- | |||
| Vector AVP in each Session-Group-Info AVP must be cleared to indicate | Vector AVP in each Session-Group-Info AVP must be cleared to indicate | |||
| removal of the session from the session group identified in the | removal of the session from the session group identified in the | |||
| associated Session-Group-id AVP. | associated Session-Group-id AVP. | |||
| When a Diameter client decides to remove a session from all session | When a Diameter client decides to remove a session from all session | |||
| groups, to which the session has been previously assigned, the client | groups, to which the session has been previously assigned, the client | |||
| sends a service-specific re-authorization request to the server and | sends a service-specific re-authorization request to the server and | |||
| adds a single Session-Group-Info AVP to the request which has the | adds a single Session-Group-Info AVP to the request which has the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag cleared and the Session-Group-Id | SESSION_GROUP_ALLOCATION_ACTION flag cleared and the Session-Group-Id | |||
| AVP omitted. The session, which is to be removed from all groups, to | AVP omitted. The session, which is to be removed from all groups, to | |||
| skipping to change at page 11, line 11 ¶ | skipping to change at page 9, line 32 ¶ | |||
| SESSION_GROUP_ALLOCATION_ACTION flag cleared and the Session-Group-Id | SESSION_GROUP_ALLOCATION_ACTION flag cleared and the Session-Group-Id | |||
| AVP identifying the session group, from which the session should be | AVP identifying the session group, from which the session should be | |||
| removed. The server MAY include to the service-specific auth | removed. The server MAY include to the service-specific auth | |||
| response a list of Session-Group-Info AVPs with the | response a list of Session-Group-Info AVPs with the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag set and the Session-Group-Id AVP | SESSION_GROUP_ALLOCATION_ACTION flag set and the Session-Group-Id AVP | |||
| identifying session groups to which the session remains subscribed. | identifying session groups to which the session remains subscribed. | |||
| In case the server decides to remove the identified session from all | In case the server decides to remove the identified session from all | |||
| session groups, to which the session has been previously assigned, | session groups, to which the session has been previously assigned, | |||
| the server includes in the service-specific auth response at least | the server includes in the service-specific auth response at least | |||
| one Session-Group-Info AVP with the SESSION_GROUP_ALLOCATION_ACTION | one Session-Group-Info AVP with the SESSION_GROUP_ALLOCATION_ACTION | |||
| flag cleared and Session-Group-Info AVP absent. | flag cleared and Session-Group-Id AVP absent. | |||
| 4.1.3. Mid-session group assignment modifications | 4.1.3. Mid-session group assignment modifications | |||
| Either Diameter peer can modify the group membership of an active | Either Diameter peer can modify the group membership of an active | |||
| Diameter session, irrespective of the group ownership. | Diameter session according to the specified permission | |||
| considerations. | ||||
| To update an assigned group mid-session, a Diameter client sends a | To update an assigned group mid-session, a Diameter client sends a | |||
| service-specific re-authorization request to the server, containing | service-specific re-authorization request to the server, containing | |||
| one or multiple Session-Group-Info AVPs with the | one or multiple Session-Group-Info AVPs with the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag set and the Session-Group-Id AVP | SESSION_GROUP_ALLOCATION_ACTION flag set and the Session-Group-Id AVP | |||
| present, identifying the session group to which the session should be | present, identifying the session group to which the session should be | |||
| added. With the same message, the client may send one or multiple | assigned. With the same message, the client may send one or multiple | |||
| Session-Group-Info AVP with the SESSION_GROUP_ALLOCATION_ACTION flag | Session-Group-Info AVP with the SESSION_GROUP_ALLOCATION_ACTION flag | |||
| cleared and the Session-Group-Id AVP identifying the session group | cleared and the Session-Group-Id AVP identifying the session group | |||
| from which the identified session is to be removed. To remove the | from which the identified session is to be removed. To remove the | |||
| session from all previously assigned session groups, the client | session from all previously assigned session groups, the client | |||
| includes at least one Session-Group-Info AVP with the | includes at least one Session-Group-Info AVP with the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag cleared and no Session-Group-Id | SESSION_GROUP_ALLOCATION_ACTION flag cleared and no Session-Group-Id | |||
| AVP present. When the server received the service-specific re- | AVP present. When the server received the service-specific re- | |||
| authorization request, it must update its locally maintained view of | authorization request, it must update its locally maintained view of | |||
| the session groups for the identified session according to the | the session groups for the identified session according to the | |||
| appended Session-Group-Info AVPs. The server sends a service- | appended Session-Group-Info AVPs. The server sends a service- | |||
| specific auth response to the client containing one or multiple | specific auth response to the client containing one or multiple | |||
| Session-Group-Info AVPs with the SESSION_GROUP_ALLOCATION_ACTION flag | Session-Group-Info AVPs with the SESSION_GROUP_ALLOCATION_ACTION flag | |||
| set and the Session-Group-Id AVP identifying the new session group to | set and the Session-Group-Id AVP identifying the new session group to | |||
| which the identified session has been added. | which the identified session has been assigned. | |||
| When a Diameter server enforces an update to the assigned groups mid- | When a Diameter server enforces an update to the assigned groups mid- | |||
| session, it sends a Re-Authorization Request (RAR) message to the | session, it sends a Re-Authorization Request (RAR) message to the | |||
| client identifying the session, for which the session group lists are | client identifying the session, for which the session group lists are | |||
| to be updated. The client responds with a Re-Authorization Answer | to be updated. The client responds with a Re-Authorization Answer | |||
| (RAA) message. The client subsequently sends service-specific re- | (RAA) message. The client subsequently sends service-specific re- | |||
| authorization request containing one or multiple Session-Group-Info | authorization request containing one or multiple Session-Group-Info | |||
| AVPs with the SESSION_GROUP_ALLOCATION_ACTION flag set and the | AVPs with the SESSION_GROUP_ALLOCATION_ACTION flag set and the | |||
| Session-Group-Id AVP identifying the session group to which the | Session-Group-Id AVP identifying the session group to which the | |||
| session had been previously assigned. The server responds with a | session had been previously assigned. The server responds with a | |||
| service-specific auth response and includes one or multiple Session- | service-specific auth response and includes one or multiple Session- | |||
| Group-Info AVP with the SESSION_GROUP_ALLOCATION_ACTION flag set and | Group-Info AVP with the SESSION_GROUP_ALLOCATION_ACTION flag set and | |||
| the Session-Group-Id AVP identifying the session group, to which the | the Session-Group-Id AVP identifying the session group, to which the | |||
| identified session is to be added. With the same response message, | identified session is to be assigned. With the same response | |||
| the server may send one or multiple Session-Group-Info AVPs with the | message, the server may send one or multiple Session-Group-Info AVPs | |||
| SESSION_GROUP_ALLOCATION_ACTION flag cleared and the Session-Group-Id | with the SESSION_GROUP_ALLOCATION_ACTION flag cleared and the | |||
| AVP identifying the session groups from which the identified session | Session-Group-Id AVP identifying the session groups from which the | |||
| is to be removed. When server wants to remove the session from all | identified session is to be removed. When server wants to remove the | |||
| previously assigned session groups, it send at least on Session- | session from all previously assigned session groups, it send at least | |||
| Group-Info AVP with the response having the | on Session-Group-Info AVP with the response having the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag cleared and no Session-Group-Id | SESSION_GROUP_ALLOCATION_ACTION flag cleared and no Session-Group-Id | |||
| AVP present. | AVP present. | |||
| 4.2. Session Grouping Capability Discovery | 4.2. Session Grouping Capability Discovery | |||
| 4.2.1. Implicit Capability Discovery | Diameter nodes should assign a session to a session group and perform | |||
| session group operations with a peer only after having ensured that | ||||
| the peer announced associated support beforehand. | ||||
| By appending at least one Session-Group-Info AVP, the Diameter client | 4.2.1. Explicit Capability Discovery | |||
| announces its capability to support group operations according to the | ||||
| specification in this document to the addressed Diameter server. If | ||||
| the Diameter client supports group operations, it MUST append at | ||||
| least one Session-Group-Info AVP to announce its capability to | ||||
| support group operations. | ||||
| A session-group aware Diameter server receiving a command for session | New Diameter applications may consider support for Diameter session | |||
| initiation which includes at least one Session-Group-Info AVP learns | grouping and for performing group commands during the standardization | |||
| about the sender's capability to support group operations. | process. Such applications provide intrinsic discovery for the | |||
| support of group commands and announce this capability through the | ||||
| assigned application ID. | ||||
| By appending at least one Session-Group-Id AVP, the Diameter server | System- and deployment-specific means for capability exchange can be | |||
| announces its capability to support group operations according to the | used to announce peers' support for session grouping and session | |||
| specification in this document to the addressed Diameter client. | group operations. In such case, the optional Session-Group- | |||
| Capability-Vector AVP, as described in Section 4.2.2 can be omitted | ||||
| in Diameter messages being exchanged between peers. | ||||
| 4.2.2. Explicit Capability Discovery | 4.2.2. Implicit Capability Discovery | |||
| New Diameter applications may consider support for Diameter session | If no explicit mechanism for capability discovery is deployed to | |||
| grouping and for performing group commands during the standardization | enable Diameter nodes to learn about peers' capability to support | |||
| process. Such applications provide intrinsic support for the support | session grouping and group commands, Diameter peers SHOULD append the | |||
| of group commands and announce this capability through the assigned | Session-Group-Capability-Vector AVP to any Diameter messages | |||
| application ID. | exchanged with its peers to announce its capability to support | |||
| session grouping and session group operations. Implementations | ||||
| following this specification set the BASE_SESSION_GROUP_CAPABILITY | ||||
| flag of the Session-Group-Capability-Vector AVP. | ||||
| 4.3. Releasing a Session Group Identifier | When a Diameter node receives at least one Session-Group-Capability- | |||
| Vector AVP from a peer with the BASE_SESSION_GROUP_CAPABILITY flag | ||||
| set, the Diameter node maintains a log to remember the peer's | ||||
| capability to support group commands. | ||||
| To close a session group and release the associated Session-Group-Id | 4.3. Deleting a Session Group | |||
| To delete a session group and release the associated Session-Group-Id | ||||
| value, the owner of a session group appends a single Session-Group- | value, the owner of a session group appends a single Session-Group- | |||
| Info AVP having the SESSION_GROUP_STATUS_IND flag cleared and the | Info AVP having the SESSION_GROUP_STATUS_IND flag cleared and the | |||
| Session-Group-Id AVP identifying the session group, which is to be | Session-Group-Id AVP identifying the session group, which is to be | |||
| closed. The SESSION_GROUP_ALLOCATION_ACTION flag of the associated | deleted. The SESSION_GROUP_ALLOCATION_ACTION flag of the associated | |||
| Session-Group-Feature-Vector AVP MUST be cleared. | Session-Group-Control-Vector AVP MUST be cleared. | |||
| 4.4. Performing Group Operations | 4.4. Performing Group Operations | |||
| 4.4.1. Sending Group Commands | 4.4.1. Sending Group Commands | |||
| Either Diameter peer can request the recipient of a request to | Either Diameter peer can request the recipient of a request to | |||
| process an associated command for all sessions being assigned to one | process an associated command for all sessions being assigned to one | |||
| or multiple groups by identifying these groups in the request. The | or multiple groups by identifying these groups in the request. The | |||
| sender of the request appends for each group, to which the command | sender of the request appends for each group, to which the command | |||
| applies, a Session-Group-Info AVP including the Session-Group-Id AVP | applies, a Session-Group-Info AVP including the Session-Group-Id AVP | |||
| to identify the associated session group. Both, the | to identify the associated session group. Both, the | |||
| SESSION_GROUP_ALLOCATION_ACTION flag as well as the | SESSION_GROUP_ALLOCATION_ACTION flag as well as the | |||
| SESSION_GROUP_STATUS_IND flag must be set. | SESSION_GROUP_STATUS_IND flag must be set. | |||
| If the CCF of the request mandates a Session-Id AVP, the Session-Id | If the CCF of the request mandates a Session-Id AVP, the Session-Id | |||
| AVP MUST identify a single session which is assigned to at least one | AVP MUST identify a single session which is assigned to at least one | |||
| of the groups being identified in the appended Session-Group-Id AVPs. | of the groups being identified in the appended Session-Group-Id AVPs. | |||
| The sender of the request can indicate to the receiver how follow up | The sender of the request MUST indicate to the receiver how follow up | |||
| message exchanges should be performed by appending a Session-Group- | message exchanges should be performed by appending a single instance | |||
| Action AVP. If the sender wants the receiver to perform follow up | of the Group-Response-Action AVP. Even if the request includes | |||
| exchanges with a single command for all impacted groups, the sender | multiple instances of a Session-Group-Info AVP, the request MUST NOT | |||
| sets the value of the Session-Group-Action AVP to ALL_GROUPS (1). If | comprise more than a single instance of a Group-Response-Action AVP. | |||
| follow up message exchanges should be performed on a per-group basis | If the sender wants the receiver to perform follow up exchanges with | |||
| in case multiple groups are identified in the group command, the | a single command for all impacted groups, the sender sets the value | |||
| value of the Session-Group-Action AVP is set to PER_GROUP (2). A | of the Group-Response-Action AVP to ALL_GROUPS (1). If follow up | |||
| value set to PER_SESSION (3) indicates to the receiver that all | message exchanges should be performed on a per-group basis in case | |||
| follow up exchanges should be performed using a single message for | multiple groups are identified in the group command, the value of the | |||
| each impacted session. | Group-Response-Action AVP is set to PER_GROUP (2). A value set to | |||
| PER_SESSION (3) indicates to the receiver that all follow up | ||||
| exchanges should be performed using a single message for each | ||||
| impacted session. | ||||
| If the sender wants the receiver of the request to process the | If the sender wants the receiver of the request to process the | |||
| associated command solely for a single session does not append any | associated command solely for a single session does not append any | |||
| group identifier, but identifies the relevant session in the | group identifier, but identifies the relevant session in the Session- | |||
| Session-Id AVP. | Id AVP. | |||
| 4.4.2. Receiving Group Commands | 4.4.2. Receiving Group Commands | |||
| A Diameter peer receiving a request to process a command for a group | A Diameter peer receiving a request to process a command for a group | |||
| of sessions identifies the relevant groups according to the appended | of sessions identifies the relevant groups according to the appended | |||
| Session-Group-Id AVP in the Session-Group-Info AVP. If the received | Session-Group-Id AVP in the Session-Group-Info AVP and processes the | |||
| request identifies multiple groups in multiple appended Session- | group command according to the appended Group-Response-Action AVP . | |||
| Group-Id AVPs, the receiver should process the associated command for | If the received request identifies multiple groups in multiple | |||
| each of these groups. if a session has been assigned to more than one | appended Session-Group-Id AVPs, the receiver should process the | |||
| of the identified groups, the receiver must process the associated | associated command for each of these groups. if a session has been | |||
| command only once per session. | assigned to more than one of the identified groups, the receiver must | |||
| process the associated command only once per session. | ||||
| The Diameter peer receiving a request which requests performing the | The Diameter peer receiving a request which requests performing the | |||
| command to at least on session group SHOULD perform follow up message | command to at least on session group SHOULD perform follow up message | |||
| exchanges according to the value identified in the Session-Group-Info | exchanges according to the value identified in the Session-Group-Info | |||
| AVP. | AVP. | |||
| 4.4.3. Error Handling for Group Commands | 4.4.3. Error Handling for Group Commands | |||
| When a Diameter peer receives a request to process a command for one | When a Diameter peer receives a request to process a command for one | |||
| or more session groups and the result of processing the command is an | or more session groups and the result of processing the command is an | |||
| error that applies to all sessions in the identified groups, an | error that applies to all sessions in the identified groups, an | |||
| associated protocol error must be returned to the source of the | associated protocol error must be returned to the source of the | |||
| request. In such case, the sender of the request MUST fall back to | request. In such case, the sender of the request MUST fall back to | |||
| single-session processing and the session groups, which have been | single-session processing and the session groups, which have been | |||
| identified in the group command, MUST be closed according to the | identified in the group command, MUST be deleted according to the | |||
| procedure described in Section 4.3. | procedure described in Section 4.3. | |||
| When a Diameter peer receives a request to process a command for one | When a Diameter peer receives a request to process a command for one | |||
| or more session groups and the result of processing the command | or more session groups and the result of processing the command | |||
| succeeds for some sessions identified in one or multiple session | succeeds for some sessions identified in one or multiple session | |||
| groups, but fails for one or more sessions, the Result-Code AVP in | groups, but fails for one or more sessions, the Result-Code AVP in | |||
| the response message SHOULD indicate DIAMETER_LIMITED_SUCCESS as per | the response message SHOULD indicate DIAMETER_LIMITED_SUCCESS as per | |||
| Section 7.1.2 of [RFC6733]. In case of limited success, the | Section 7.1.2 of [RFC6733]. In case of limited success, the | |||
| sessions, for which the processing of the group command failed, MUST | sessions, for which the processing of the group command failed, MUST | |||
| be identified using a Failed-AVP AVP as per Session 7.5 of [RFC6733]. | be identified using a Failed-AVP AVP as per Session 7.5 of [RFC6733]. | |||
| skipping to change at page 16, line 18 ¶ | skipping to change at page 14, line 9 ¶ | |||
| operations, but relies on command extensibility capability provided | operations, but relies on command extensibility capability provided | |||
| by the Diameter Base protocol. This section provides the guidelines | by the Diameter Base protocol. This section provides the guidelines | |||
| to extend the CCF of existing Diameter commands with optional AVPs to | to extend the CCF of existing Diameter commands with optional AVPs to | |||
| enable the recipient of the command to perform the command to all | enable the recipient of the command to perform the command to all | |||
| sessions associated with the identified group(s). | sessions associated with the identified group(s). | |||
| 6.1. Formatting Example: Group Re-Auth-Request | 6.1. Formatting Example: Group Re-Auth-Request | |||
| A request that one or more groups of users are re-authentication is | A request that one or more groups of users are re-authentication is | |||
| issued by appending one or multiple Session-Group-Id AVP(s) to the | issued by appending one or multiple Session-Group-Id AVP(s) to the | |||
| Re-Auth-Request (RAR). The one or multiple Session-Group-Id AVP(s) | Re-Auth-Request (RAR) and a single instance of a Group-Response- | |||
| identify the associated group(s) for which the group re- | Action AVP. The one or multiple Session-Group-Id AVP(s) identify the | |||
| authentication has been requested. The recipient of the group | associated group(s) for which the group re-authentication has been | |||
| command initiates re-authentication for all users associated with the | requested. The Group-Response-Action AVP identifies the expected | |||
| identified group(s). Furthermore, the sender of the group re- | means to perform and respond to the group command. The recipient of | |||
| authentication request appends a Session-Group-Action AVP to provide | the group command initiates re-authentication for all users | |||
| more information to the receiver of the command about how to | associated with the identified group(s). Furthermore, the sender of | |||
| accomplish the group operation. | the group re-authentication request appends a Group-Response-Action | |||
| AVP to provide more information to the receiver of the command about | ||||
| how to accomplish the group operation. | ||||
| The value of the mandatory Session-Id AVP MUST identify a session | The value of the mandatory Session-Id AVP MUST identify a session | |||
| associated with a single user, which is assigned to at least one of | associated with a single user, which is assigned to at least one of | |||
| the groups being identified in the appended Session-Group-Id AVPs. | the groups being identified in the appended Session-Group-Id AVPs. | |||
| <RAR> ::= < Diameter Header: 258, REQ, PXY > | <RAR> ::= < Diameter Header: 258, REQ, PXY > | |||
| < Session-Id > | < Session-Id > | |||
| { Origin-Host } | { Origin-Host } | |||
| { Origin-Realm } | { Origin-Realm } | |||
| { Destination-Realm } | { Destination-Realm } | |||
| { Destination-Host } | { Destination-Host } | |||
| { Auth-Application-Id } | { Auth-Application-Id } | |||
| { Re-Auth-Request-Type } | { Re-Auth-Request-Type } | |||
| [ User-Name ] | [ User-Name ] | |||
| [ Origin-State-Id ] | [ Origin-State-Id ] | |||
| * [ Proxy-Info ] | * [ Proxy-Info ] | |||
| * [ Route-Record ] | * [ Route-Record ] | |||
| * [ Session-Group-Id ] | [ Session-Group-Capability-Vector ] | |||
| [ Session-Group-Action ] | * [ Session-Group-Info ] | |||
| [ Group-Response-Action ] | ||||
| * [ AVP ] | * [ AVP ] | |||
| 7. Attribute-Value-Pairs (AVP) | 7. Attribute-Value-Pairs (AVP) | |||
| +--------------------+ | +--------------------+ | |||
| | AVP Flag rules | | | AVP Flag rules | | |||
| +----+---+------+----+ | +----+---+------+----+ | |||
| AVP | | |SHOULD|MUST| | AVP | | |SHOULD|MUST| | |||
| Attribute Name Code Value Type |MUST|MAY| NOT | NOT| | Attribute Name Code Value Type |MUST|MAY| NOT | NOT| | |||
| +-------------------------------------------------+----+---+------+----+ | +-------------------------------------------------+----+---+------+----+ | |||
| |Session-Group-Info TBD1 Grouped | | P | | V | | |Session-Group-Info TBD1 Grouped | | P | | V | | |||
| |Session-Group-Feature-Vector TBD2 Unsigned32 | | P | | V | | |Session-Group-Control-Vector TBD2 Unsigned32 | | P | | V | | |||
| |Session-Group-Id TBD3 OctetString | | P | | V | | |Session-Group-Id TBD3 OctetString | | P | | V | | |||
| |Session-Group-Action TBD4 Unsigned32 | | P | | V | | |Group-Response-Action TBD4 Unsigned32 | | P | | V | | |||
| |Session-Group-Capability-Vector TBD5 Unsigned32 | | P | | V | | ||||
| +-------------------------------------------------+----+---+------+----+ | +-------------------------------------------------+----+---+------+----+ | |||
| AVPs for the Diameter Group Signaling | AVPs for the Diameter Group Signaling | |||
| 7.1. Session-Group-Info AVP | 7.1. Session-Group-Info AVP | |||
| The Session-Group-Info AVP (AVP Code TBD1) is of type Grouped. It | The Session-Group-Info AVP (AVP Code TBD1) is of type Grouped. It | |||
| contains the identifier of the session group as well as an indication | contains the identifier of the session group as well as an indication | |||
| of the node responsible for session group identifier assignment. | of the node responsible for session group identifier assignment. | |||
| Session-Group-Info ::= < AVP Header: TBD1 > | Session-Group-Info ::= < AVP Header: TBD1 > | |||
| < Session-Group-Feature-Vector > | < Session-Group-Control-Vector > | |||
| [ Session-Group-Id ] | [ Session-Group-Id ] | |||
| * [ AVP ] | * [ AVP ] | |||
| 7.2. Session-Group-Feature-Vector AVP | 7.2. Session-Group-Control-Vector AVP | |||
| The Session-Group-Feature-Vector AVP (AVP Code TBD2) is of type | The Session-Group-Control-Vector AVP (AVP Code TBD2) is of type | |||
| Unsigned32 and contains a 32-bit flags field of capabilities | Unsigned32 and contains a 32-bit flags field to control the group | |||
| supported by the session-group aware node. | assignment at session-group aware nodes. | |||
| The following capabilities are defined in this document: | The following capabilities are defined in this document: | |||
| SESSION_GROUP_ALLOCATION_ACTION (0x00000001) | SESSION_GROUP_ALLOCATION_ACTION (0x00000001) | |||
| This flag indicates the action to be performed for the identified | This flag indicates the action to be performed for the identified | |||
| session. When this flag is set, it indicates that the identified | session. When this flag is set, it indicates that the identified | |||
| Diameter session is to be added to the session group as identified | Diameter session is to be assigned to the session group as | |||
| by the Session-Group-Id AVP or the session's assignement to the | identified by the Session-Group-Id AVP or the session's assignment | |||
| session group identified in the Session-Group-Id AVP is still | to the session group identified in the Session-Group-Id AVP is | |||
| valid. When the flag is cleared, the identified Diameter session | still valid. When the flag is cleared, the identified Diameter | |||
| is to be removed from at least one session group. When the flag | session is to be removed from at least one session group. When | |||
| is cleared and the Session-Group-Info AVP identifies a particular | the flag is cleared and the Session-Group-Info AVP identifies a | |||
| session group in the associated Session-Group-Id AVP, the session | particular session group in the associated Session-Group-Id AVP, | |||
| is to be removed solely from the identified session group. When | the session is to be removed solely from the identified session | |||
| the flag is cleared and the Session-Group-Info AVP does not | group. When the flag is cleared and the Session-Group-Info AVP | |||
| identify a particular session group (Session-Group-Id AVP is | does not identify a particular session group (Session-Group-Id AVP | |||
| absent), the identified Diameter session is to be removed from all | is absent), the identified Diameter session is to be removed from | |||
| session groups, to which it has been previously assigned. | all session groups, to which it has been previously assigned. | |||
| SESSION_GROUP_STATUS_IND (0x00000010) | SESSION_GROUP_STATUS_IND (0x00000010) | |||
| This flag indicates the status of the session group identified in | This flag indicates the status of the session group identified in | |||
| the associated Session-Group-Id AVP. The flag is set when the | the associated Session-Group-Id AVP. The flag is set when the | |||
| identified session group has just been created or is still active. | identified session group has just been created or is still active. | |||
| If the flag is cleared, the identified session group is closed and | If the flag is cleared, the identified session group is deleted | |||
| the associated Session-Group-Id is released. If the Session- | and the associated Session-Group-Id is released. If the Session- | |||
| Group-Info AVP does not comprise a Session-Group-Id AVP, this flag | Group-Info AVP does not comprise a Session-Group-Id AVP, this flag | |||
| is meaningless and MUST be ignored by the receiver. | is meaningless and MUST be ignored by the receiver. | |||
| 7.3. Session-Group-Id AVP | 7.3. Session-Group-Id AVP | |||
| The Session-Group-Id AVP (AVP Code TBD3) is of type UTF8String and | The Session-Group-Id AVP (AVP Code TBD3) is of type UTF8String and | |||
| identifies a group of Diameter sessions. | identifies a group of Diameter sessions. | |||
| The Session-Group-Id MUST be globally and eternally unique, as it is | The Session-Group-Id MUST be globally and eternally unique, as it is | |||
| meant to uniquely identify a group of Diameter sessions without | meant to uniquely identify a group of Diameter sessions without | |||
| reference to any other information. | reference to any other information. | |||
| The default format of the Session-Group-id MUST comply to the format | The default format of the Session-Group-id MUST comply to the format | |||
| recommended for a Session-Id, as defined in the section 8.8 of the | recommended for a Session-Id, as defined in the section 8.8 of the | |||
| [RFC6733]. The DiameterIdentity element of the Session-Group-Id MUST | [RFC6733]. The DiameterIdentity element of the Session-Group-Id MUST | |||
| identify the Diameter node, which owns the session group. | identify the Diameter node, which owns the session group. | |||
| 7.4. Session-Group-Action AVP | 7.4. Group-Response-Action AVP | |||
| The Session-Group-Action AVP (AVP Code TBD4) is of type Unsigned32 | The Group-Response-Action AVP (AVP Code TBD4) is of type Unsigned32 | |||
| and contains a 32-bit address space representing values indicating | and contains a 32-bit address space representing values indicating | |||
| how the peer SHOULD issue follow up exchanges in response to a | how the peer SHOULD issue follow up exchanges in response to a | |||
| command which impacts mulitple sessions. The following values are | command which impacts multiple sessions. The following values are | |||
| defined by this application: | defined by this application: | |||
| ALL_GROUPS (1) | ALL_GROUPS (1) | |||
| Follow up exchanges should be performed with a single message | Follow up exchanges should be performed with a single message | |||
| exchange for all impacted groups. | exchange for all impacted groups. | |||
| PER_GROUP (2) | PER_GROUP (2) | |||
| Follow up exchanges should be performed with a message exchange | Follow up exchanges should be performed with a message exchange | |||
| for each impacted group. | for each impacted group. | |||
| PER_SESSION (3) | PER_SESSION (3) | |||
| Follow up exchanges should be performed with a message exchange | Follow up exchanges should be performed with a message exchange | |||
| for each impacted session. | for each impacted session. | |||
| 7.5. Session-Group-Capability-Vector AVP | ||||
| The Session-Group-Capability-Vector AVP (AVP Code TBD5) is of type | ||||
| Unsigned32 and contains a 32-bit flags field to indicate capabilities | ||||
| in the context of session-group assignment and group operations. | ||||
| The following capabilities are defined in this document: | ||||
| BASE_SESSION_GROUP_CAPABILITY (0x00000001) | ||||
| This flag indicates the capability to support session grouping and | ||||
| session group operations according to this specification. | ||||
| 8. Result-Code AVP Values | 8. Result-Code AVP Values | |||
| This document does not define new Result-Code [RFC6733] values for | This document does not define new Result-Code [RFC6733] values for | |||
| existing applications, which are extended to support group commands. | existing applications, which are extended to support group commands. | |||
| Specification documents of new applications, which will have | Specification documents of new applications, which will have | |||
| intrinsic support for group commands, may specify new Result-Codes. | intrinsic support for group commands, may specify new Result-Codes. | |||
| 9. IANA Considerations | 9. IANA Considerations | |||
| This section contains the namespaces that have either been created in | This section contains the namespaces that have either been created in | |||
| this specification or had their values assigned to existing | this specification or had their values assigned to existing | |||
| namespaces managed by IANA. | namespaces managed by IANA. | |||
| 9.1. AVP Codes | 9.1. AVP Codes | |||
| This specification requires IANA to register the following new AVPs | This specification requires IANA to register the following new AVPs | |||
| from the AVP Code namespace defined in [RFC6733]. | from the AVP Code namespace defined in [RFC6733]. | |||
| o Session-Group-Info | o Session-Group-Info | |||
| o Session-Group-Feature-Vector | o Session-Group-Control-Vector | |||
| o Session-Group-Id | o Session-Group-Id | |||
| o Session-Group-Action | o Group-Response-Action | |||
| o Session-Group-Capability-Vector | ||||
| The AVPs are defined in Section 7. | The AVPs are defined in Section 7. | |||
| 10. Security Considerations | 10. Security Considerations | |||
| TODO | TODO | |||
| 11. Acknowledgments | 11. Acknowledgments | |||
| The authors of this document want to thank Ben Campbell and Eric | The authors of this document want to thank Ben Campbell and Eric | |||
| skipping to change at page 24, line 46 ¶ | skipping to change at page 19, line 14 ¶ | |||
| --------------------------------------------------------------- | --------------------------------------------------------------- | |||
| Idle Client or Device Requests Send Pending | Idle Client or Device Requests Send Pending | |||
| access service | access service | |||
| specific | specific | |||
| auth req | auth req | |||
| optionally | optionally | |||
| including | including | |||
| groups | groups | |||
| Open GASR received with Send GASA Discon | Open GASR received with Send GASA Discon | |||
| Session-Group-Action with | Group-Response-Action with | |||
| = ALL_GROUPS, Result-Code | = ALL_GROUPS, Result-Code | |||
| session is assigned to = SUCCESS, | session is assigned to = SUCCESS, | |||
| received group(s) and Send GSTR. | received group(s) and Send GSTR. | |||
| client will comply with | client will comply with | |||
| request to end the session | request to end the session | |||
| Open GASR received with Send GASA Discon | Open GASR received with Send GASA Discon | |||
| Session-Group-Action with | Group-Response-Action with | |||
| = PER_GROUPS, Result-Code | = PER_GROUPS, Result-Code | |||
| session is assigned to = SUCCESS, | session is assigned to = SUCCESS, | |||
| received group(s) and Send GSTR | received group(s) and Send GSTR | |||
| client will comply with per group | client will comply with per group | |||
| request to end the session | request to end the session | |||
| Open GASR received with Send GASA Discon | Open GASR received with Send GASA Discon | |||
| Session-Group-Action with | Group-Response-Action with | |||
| = PER_SESSION, Result-Code | = PER_SESSION, Result-Code | |||
| session is assigned to = SUCCESS, | session is assigned to = SUCCESS, | |||
| received group(s) and Send STR | received group(s) and Send STR | |||
| client will comply with per session | client will comply with per session | |||
| request to end the session | request to end the session | |||
| Open GASR received, Send GASA Open | Open GASR received, Send GASA Open | |||
| client will not comply with with | client will not comply with with | |||
| request to end all session Result-Code | request to end all session Result-Code | |||
| in received group(s) != SUCCESS | in received group(s) != SUCCESS | |||
| Discon GSTA Received Discon. Idle | Discon GSTA Received Discon. Idle | |||
| user/device | user/device | |||
| Open GRAR received with Send GRAA, Pending | Open GRAR received with Send GRAA, Pending | |||
| Session-Group-Action Send | Group-Response-Action Send | |||
| = ALL_GROUPS, service | = ALL_GROUPS, service | |||
| session is assigned to specific | session is assigned to specific | |||
| received group(s) and group | received group(s) and group | |||
| client will perform re-auth req | client will perform re-auth req | |||
| subsequent re-auth | subsequent re-auth | |||
| Open GRAR received with Send GRAA, Pending | Open GRAR received with Send GRAA, Pending | |||
| Session-Group-Action Send | Group-Response-Action Send | |||
| = PER_GROUP, service | = PER_GROUP, service | |||
| session is assigned to specific | session is assigned to specific | |||
| received group(s) and group | received group(s) and group | |||
| client will perform re-auth req | client will perform re-auth req | |||
| subsequent re-auth per group | subsequent re-auth per group | |||
| Open GRAR received with Send GRAA, Pending | Open GRAR received with Send GRAA, Pending | |||
| Session-Group-Action Send | Group-Response-Action Send | |||
| = PER_SESSION, service | = PER_SESSION, service | |||
| session is assigned to specific | session is assigned to specific | |||
| received group(s) and re-auth req | received group(s) and re-auth req | |||
| client will perform per session | client will perform per session | |||
| subsequent re-auth | subsequent re-auth | |||
| Open GRAR received and client will Send GRAA Idle | Open GRAR received and client will Send GRAA Idle | |||
| not perform subsequent with | not perform subsequent with | |||
| re-auth Result-Code | re-auth Result-Code | |||
| != SUCCESS, | != SUCCESS, | |||
| End of changes. 70 change blocks. | ||||
| 261 lines changed or deleted | 316 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||