| < draft-tschofenig-radext-qos-03.txt | draft-tschofenig-radext-qos-04.txt > | |||
|---|---|---|---|---|
| RADIUS EXTensions (radext) H. Tschofenig | RADIUS EXTensions (radext) H. Tschofenig | |||
| Internet-Draft Siemens | Internet-Draft Siemens | |||
| Expires: December 27, 2006 A. Mankin | Intended status: Informational A. Mankin | |||
| Expires: April 26, 2007 | ||||
| T. Tsenov | T. Tsenov | |||
| A. Lior | A. Lior | |||
| Bridgewater Systems | Bridgewater Systems | |||
| June 25, 2006 | J. Korhonen | |||
| TeliaSonera | ||||
| October 23, 2006 | ||||
| RADIUS Quality of Service Support | RADIUS Quality of Service Support | |||
| draft-tschofenig-radext-qos-03.txt | draft-tschofenig-radext-qos-04.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
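Review bot: The new "Intended status: Informational" line in the -04 header should be justified or reconsidered, because the Abstract describes the document as "an extension to the RADIUS protocol" and the table of contents lists attribute definitions in section 7 (QSPEC, Flow Identification, Authorization Objects). If Informational is deliberate, a sentence in the Introduction saying why would help readers and implementers.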
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 41 ¶ | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on December 27, 2006. | This Internet-Draft will expire on April 26, 2007. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2006). | Copyright (C) The Internet Society (2006). | |||
| Abstract | Abstract | |||
| This document describes an extension to the RADIUS protocol that | This document describes an extension to the RADIUS protocol that | |||
| performs authentication, authorization, and accounting for Quality- | performs authentication, authorization, and accounting for Quality- | |||
| of-Service reservations. | of-Service reservations. | |||
| skipping to change at page 2, line 17 ¶ | skipping to change at page 2, line 23 ¶ | |||
| reservation is authorized, and to account for established QoS | reservation is authorized, and to account for established QoS | |||
| resources. | resources. | |||
| Flexibility is provided by offering support for different | Flexibility is provided by offering support for different | |||
| authorization models and by decoupling specific QoS attributes | authorization models and by decoupling specific QoS attributes | |||
| carried in the QoS signaling protocol from the AAA protocol. This | carried in the QoS signaling protocol from the AAA protocol. This | |||
| document is the RADIUS complement to the DIAMETER QoS application. | document is the RADIUS complement to the DIAMETER QoS application. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4. RADIUS functional considerations . . . . . . . . . . . . . . . 6 | 4. RADIUS functional considerations . . . . . . . . . . . . . . . 7 | |||
| 5. Authorization and QoS parameter provision . . . . . . . . . . 7 | 5. Authorization and QoS parameter provision . . . . . . . . . . 8 | |||
| 5.1. QoS enabled initial access authentication and | 5.1. QoS enabled initial access authentication and | |||
| authorization . . . . . . . . . . . . . . . . . . . . . . 7 | authorization . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5.2. Mid-Session QoS authorization . . . . . . . . . . . . . . 8 | 5.2. Mid-Session QoS authorization . . . . . . . . . . . . . . 9 | |||
| 5.2.1. Client-side initiated QoS | 5.2.1. Client-side initiated QoS | |||
| authorization/re-authorization . . . . . . . . . . . . 8 | authorization/re-authorization . . . . . . . . . . . . 9 | |||
| 5.2.2. Server-side initiated Re-Authorization . . . . . . . . 8 | 5.2.2. Server-side initiated Re-Authorization . . . . . . . . 9 | |||
| 5.3. Session Termination . . . . . . . . . . . . . . . . . . . 9 | 5.3. Session Termination . . . . . . . . . . . . . . . . . . . 10 | |||
| 5.3.1. Client-side initiated session termination . . . . . . 9 | 5.3.1. Client-side initiated session termination . . . . . . 10 | |||
| 5.3.2. Server-side initiated session termination . . . . . . 9 | 5.3.2. Server-side initiated session termination . . . . . . 10 | |||
| 6. Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 6. Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 7. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 7. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 7.1. QSPEC Attribute . . . . . . . . . . . . . . . . . . . . . 11 | 7.1. QSPEC Attribute . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 7.2. Flow Identification . . . . . . . . . . . . . . . . . . . 16 | 7.2. Flow Identification . . . . . . . . . . . . . . . . . . . 17 | |||
| 7.3. Authorization Objects . . . . . . . . . . . . . . . . . . 18 | 7.3. Authorization Objects . . . . . . . . . . . . . . . . . . 19 | |||
| 8. Diameter RADIUS Interoperability . . . . . . . . . . . . . . . 20 | 8. Diameter RADIUS Interoperability . . . . . . . . . . . . . . . 21 | |||
| 9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 | 9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 9.1. RADIUS authorization of a QoS signaling reservation | 9.1. RADIUS authorization of a QoS signaling reservation | |||
| request . . . . . . . . . . . . . . . . . . . . . . . . . 21 | request . . . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 9.2. RADIUS authentication, authorization and management of | 9.2. RADIUS authentication, authorization and management of | |||
| a QoS-enabled access session . . . . . . . . . . . . . . . 23 | a QoS-enabled access session . . . . . . . . . . . . . . . 24 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 26 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 27 | |||
| 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
| 12.1. Normative References . . . . . . . . . . . . . . . . . . . 28 | 12.1. Normative References . . . . . . . . . . . . . . . . . . . 29 | |||
| 12.2. Informative References . . . . . . . . . . . . . . . . . . 28 | 12.2. Informative References . . . . . . . . . . . . . . . . . . 29 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 31 | Intellectual Property and Copyright Statements . . . . . . . . . . 32 | |||
| 1. Introduction | 1. Introduction | |||
| To meet the quality-of-service needs of applications such as voice- | To meet the quality-of-service needs of applications such as voice- | |||
| over-IP, it will often be necessary to explicitly request resources | over-IP, it will often be necessary to explicitly request resources | |||
| from the network. This will allow the network to identify packets | from the network. This will allow the network to identify packets | |||
| belonging to these application flows and ensure that bandwidth, | belonging to these application flows and ensure that bandwidth, | |||
| delay, and error rate requirements are met. | delay, and error rate requirements are met. | |||
| This document is a complement to the ongoing work of the DIAMETER QoS | This document is a complement to the ongoing work of the DIAMETER QoS | |||
| skipping to change at page 27, line 8 ¶ | skipping to change at page 28, line 8 ¶ | |||
| applicable. Furthermore, the security of the QoS signaling protocol | applicable. Furthermore, the security of the QoS signaling protocol | |||
| and the QoS authorization framework must be considered in the | and the QoS authorization framework must be considered in the | |||
| evaluation of the security properties. | evaluation of the security properties. | |||
| [Editor's Note: A more detailed treatment will be provided in a | [Editor's Note: A more detailed treatment will be provided in a | |||
| future document version.] | future document version.] | |||
| 11. Acknowledgments | 11. Acknowledgments | |||
| We would like to thank Pete McCann and Franck Alfano for their work | We would like to thank Pete McCann and Franck Alfano for their work | |||
| on the DIAMETER QoS application. | on the Diameter QoS application. | |||
| 12. References | 12. References | |||
| 12.1. Normative References | 12.1. Normative References | |||
| [1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote | [1] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote | |||
| Authentication Dial In User Service (RADIUS)", RFC 2865, | Authentication Dial In User Service (RADIUS)", RFC 2865, | |||
| June 2000. | June 2000. | |||
| [2] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. | [2] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. | |||
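Review bot: The tail of section 10 (Security Considerations) shown as context here is identical in -03 and -04 and still ends with "[Editor's Note: A more detailed treatment will be provided in a future document version.]", so the placeholder has been carried into another revision; either add the treatment or list in the note what remains open for the QoS authorization exchange. In the same block, the Acknowledgments now read "Diameter QoS application" while the unchanged Abstract and Introduction lines still read "DIAMETER QoS"; make the capitalisation uniform.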
| skipping to change at page 28, line 50 ¶ | skipping to change at page 29, line 50 ¶ | |||
| [10] Hancock, R., Karagiannis, G., Loughney, J., and S. Van den | [10] Hancock, R., Karagiannis, G., Loughney, J., and S. Van den | |||
| Bosch, "Next Steps in Signaling (NSIS): Framework", RFC 4080, | Bosch, "Next Steps in Signaling (NSIS): Framework", RFC 4080, | |||
| June 2005. | June 2005. | |||
| [11] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, | [11] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, | |||
| "Diameter Base Protocol", RFC 3588, September 2003. | "Diameter Base Protocol", RFC 3588, September 2003. | |||
| 12.2. Informative References | 12.2. Informative References | |||
| [12] Alfano, F., "Diameter Quality of Service Application", | [12] Alfano, F., "Diameter Quality of Service Application", | |||
| draft-tschofenig-dime-diameter-qos-00 (work in progress), | draft-tschofenig-dime-diameter-qos-01 (work in progress), | |||
| March 2006. | October 2006. | |||
| [13] Alfano, F., "Requirements for a QoS AAA Protocol", | [13] Alfano, F., "Requirements for a QoS AAA Protocol", | |||
| draft-alfano-aaa-qosreq-01 (work in progress), October 2003. | draft-alfano-aaa-qosreq-01 (work in progress), October 2003. | |||
| [14] Congdon, P., "RADIUS Filter Rule Attribute", | [14] Congdon, P., "RADIUS Filter Rule Attribute", | |||
| draft-ietf-radext-filter-00 (work in progress), June 2006. | draft-ietf-radext-filter-03 (work in progress), October 2006. | |||
| [15] Lior, A., "Prepaid extensions to Remote Authentication Dial-In | [15] Lior, A., "Prepaid extensions to Remote Authentication Dial-In | |||
| User Service (RADIUS)", draft-lior-radius-prepaid-extensions-10 | User Service (RADIUS)", draft-lior-radius-prepaid-extensions-11 | |||
| (work in progress), February 2006. | ||||
| [16] Ash, J., "QoS NSLP QSPEC Template", draft-ietf-nsis-qspec-10 | ||||
| (work in progress), June 2006. | (work in progress), June 2006. | |||
| [16] Ash, J., "QoS NSLP QSPEC Template", draft-ietf-nsis-qspec-12 | ||||
| (work in progress), October 2006. | ||||
| [17] Ash, J., "Y.1541-QOSM -- Y.1541 QoS Model for Networks Using | [17] Ash, J., "Y.1541-QOSM -- Y.1541 QoS Model for Networks Using | |||
| Y.1541 QoS Classes", draft-ash-nsis-y1541-qosm-00 (work in | Y.1541 QoS Classes", draft-ash-nsis-y1541-qosm-00 (work in | |||
| progress), May 2005. | progress), May 2005. | |||
| [18] Peterson, J., "Trait-based Authorization Requirements for the | [18] Peterson, J., "Trait-based Authorization Requirements for the | |||
| Session Initiation Protocol (SIP)", | Session Initiation Protocol (SIP)", | |||
| draft-ietf-sipping-trait-authz-02 (work in progress), | draft-ietf-sipping-trait-authz-02 (work in progress), | |||
| January 2006. | January 2006. | |||
| [19] Tschofenig, H., "SIP SAML Profile and Binding", | [19] Tschofenig, H., "SIP SAML Profile and Binding", | |||
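Review bot: Entries [13], [17] and [18] in 12.2 keep their earlier versions and dates (draft-alfano-aaa-qosreq-01, October 2003; draft-ash-nsis-y1541-qosm-00, May 2005; draft-ietf-sipping-trait-authz-02, January 2006) while [12], [14], [15] and [16] are bumped in this revision. Check each of the three against its current status and update or annotate any that has expired or been superseded, so the reference list is consistent as of October 2006.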
| skipping to change at page 31, line 5 ¶ | skipping to change at page 31, line 40 ¶ | |||
| Avi Lior | Avi Lior | |||
| Bridgewater Systems Corporation | Bridgewater Systems Corporation | |||
| 303 Terry Fox Drive | 303 Terry Fox Drive | |||
| Ottawa, Ontario K2K 3J1 | Ottawa, Ontario K2K 3J1 | |||
| Canada | Canada | |||
| Phone: +1 613-591-6655 | Phone: +1 613-591-6655 | |||
| Email: avi@bridgewatersystems.com | Email: avi@bridgewatersystems.com | |||
| Intellectual Property Statement | Jouni Korhonen | |||
| TeliaSonera | ||||
| Teollisuuskatu 13 | ||||
| Sonera FIN-00051 | ||||
| Finland | ||||
| Email: jouni.korhonen@teliasonera.com | ||||
| Full Copyright Statement | ||||
| Copyright (C) The Internet Society (2006). | ||||
| This document is subject to the rights, licenses and restrictions | ||||
| contained in BCP 78, and except as set forth therein, the authors | ||||
| retain all their rights. | ||||
| This document and the information contained herein are provided on an | ||||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | ||||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | ||||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ||||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | ||||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Intellectual Property | ||||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
| made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
| on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
| found in BCP 78 and BCP 79. | found in BCP 78 and BCP 79. | |||
| skipping to change at page 31, line 29 ¶ | skipping to change at page 32, line 45 ¶ | |||
| such proprietary rights by implementers or users of this | such proprietary rights by implementers or users of this | |||
| specification can be obtained from the IETF on-line IPR repository at | specification can be obtained from the IETF on-line IPR repository at | |||
| http://www.ietf.org/ipr. | http://www.ietf.org/ipr. | |||
| The IETF invites any interested party to bring to its attention any | The IETF invites any interested party to bring to its attention any | |||
| copyrights, patents or patent applications, or other proprietary | copyrights, patents or patent applications, or other proprietary | |||
| rights that may cover technology that may be required to implement | rights that may cover technology that may be required to implement | |||
| this standard. Please address the information to the IETF at | this standard. Please address the information to the IETF at | |||
| ietf-ipr@ietf.org. | ietf-ipr@ietf.org. | |||
| Disclaimer of Validity | ||||
| This document and the information contained herein are provided on an | ||||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | ||||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | ||||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ||||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | ||||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Copyright Statement | ||||
| Copyright (C) The Internet Society (2006). This document is subject | ||||
| to the rights, licenses and restrictions contained in BCP 78, and | ||||
| except as set forth therein, the authors retain all their rights. | ||||
| Acknowledgment | Acknowledgment | |||
| Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is provided by the IETF | |||
| Internet Society. | Administrative Support Activity (IASA). | |||
| End of changes. 17 change blocks. | ||||
| 58 lines changed or deleted | 68 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||