idnits 2.17.1 draft-ietf-roamops-nai-08.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-26) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == The page length should not exceed 58 lines per page, but there was 5 longer pages, the longest (page 2) being 66 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 66 instances of weird spacing in the document. Is it really formatted ragged-right, rather than justified? ** There are 100 instances of too long lines in the document, the longest one being 5 characters in excess of 72. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 142: '... MUST support an NAI length of at ...' Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 13 has weird spacing: '...), its areas...' == Line 14 has weird spacing: '... its worki...' == Line 18 has weird spacing: '... and may ...' == Line 19 has weird spacing: '...afts as refer...' == Line 22 has weird spacing: '... To learn...' == (61 more instances...) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (17 December 1997) is 9627 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '2' is defined on line 214, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 218, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 2194 (ref. '1') ** Obsolete normative reference: RFC 2138 (ref. '2') (Obsoleted by RFC 2865) ** Obsolete normative reference: RFC 2139 (ref. '3') (Obsoleted by RFC 2866) ** Obsolete normative reference: RFC 821 (ref. '5') (Obsoleted by RFC 2821) ** Obsolete normative reference: RFC 2052 (ref. '6') (Obsoleted by RFC 2782) Summary: 18 errors (**), 0 flaws (~~), 9 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ROAMOPS Working Group Bernard Aboba 3 INTERNET-DRAFT Microsoft 4 Category: Standards Track Mark A. Beadles 5 CompuServe, Inc. 6 17 December 1997 8 The Network Access Identifier 10 1. Status of this Memo 12 This document is an Internet-Draft. Internet-Drafts are working docu- 13 ments of the Internet Engineering Task Force (IETF), its areas, and 14 its working groups. Note that other groups may also distribute work- 15 ing documents as Internet-Drafts. 17 Internet-Drafts are draft documents valid for a maximum of six months 18 and may be updated, replaced, or obsoleted by other documents at any 19 time. It is inappropriate to use Internet-Drafts as reference mate- 20 rial or to cite them other than as ``work in progress.'' 22 To learn the current status of any Internet-Draft, please check the 23 ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow 24 Directories on ds.internic.net (US East Coast), nic.nordu.net 25 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). 27 The distribution of this memo is unlimited. It is filed as and expires June 1, 1998. Please send com- 29 ments to the authors. 31 2. Abstract 33 In order to enhance the interoperability of roaming and tunneling ser- 34 vices, it is desirable to have a standardized method for identifying 35 users. This document proposes syntax for the Network Access Identi- 36 fier (NAI). It is expected that this will be of interest for support 37 of roaming as well as tunneling. ''Roaming capability'' may be loosely 38 defined as the ability to use any one of multiple Internet service 39 providers (ISPs), while maintaining a formal, customer-vendor rela- 40 tionship with only one. Examples of cases where roaming capability 41 might be required include ISP ''confederations'' and ISP-provided corpo- 42 rate network access support. 44 3. Introduction 46 Considerable interest has arisen recently in a set of features that 47 fit within the general category of "roaming capability" for dialup 48 Internet users. Interested parties have included: 50 Regional Internet Service Providers (ISPs) operating within a 51 particular state or province, looking to combine their efforts 52 with those of other regional providers to offer dialup service 53 over a wider area. 55 National ISPs wishing to combine their operations with those of 56 one or more ISPs in another nation to offer more comprehensive 57 dialup service in a group of countries or on a continent. 59 Businesses desiring to offer their employees a comprehensive 60 package of dialup services on a global basis. Those services may 61 include Internet access as well as secure access to corporate 62 intranets via a Virtual Private Network (VPN), enabled by tunnel- 63 ing protocols such as PPTP, L2F, L2TP, and IPSEC tunnel mode. 65 In order to enhance the interoperability of roaming and tunneling ser- 66 vices, it is desirable to have a standardized method for identifying 67 users. This document proposes syntax for the Network Access Identi- 68 fier (NAI). Examples of implementations that use the NAI, and 69 descriptions of its semantics, can be found in [1]. 71 3.1. Terminology 73 This document frequently uses the following terms: 75 Network Access Identifier 76 The Network Access Identifier (NAI) is the userID submitted 77 by the client during PPP authentication. In roaming, the 78 purpose of the NAI is to identify the user as well as to 79 assist in the routing of the authentication request. Please 80 note that the NAI may not necessarily be the same as the 81 user's e-mail address or the userID submitted in an applica- 82 tion layer authentication. 84 Network Access Server 85 The Network Access Server (NAS) is the device that clients 86 dial in order to get access to the network. In PPTP termi- 87 nology this is referred to as the PPTP Access Concentrator 88 (PAC), and in L2TP terminology, it is referred to as the 89 L2TP Access Concentrator (LAC). 91 Roaming Capability 92 Roaming capability can be loosely defined as the ability to 93 use any one of multiple Internet service providers (ISPs), 94 while maintaining a formal, customer-vendor relationship 95 with only one. Examples of cases where roaming capability 96 might be required include ISP "confederations" and ISP-pro- 97 vided corporate network access support. 99 Tunneling Service 100 A tunneling service is any network service enabled by tun- 101 neling protocols such as PPTP, L2F, L2TP, and IPSEC tunnel 102 mode. One example of a tunneling service is secure access 103 to corporate intranets via a Virtual Private Network (VPN). 105 3.2. Purpose 107 As described in [1], there are now a number of services implementing 108 dialup roaming, and the number of Internet Service Providers involved 109 in roaming consortia is increasing rapidly. 111 In order to be able to offer roaming capability, one of the require- 112 ments is to be able to identify the user's home authentication server. 113 For use in roaming, this function is accomplished via the Network 114 Access Identifier (NAI) submitted by the user to the NAS in the ini- 115 tial PPP authentication. It is also expected that NASes will use the 116 NAI as part of the process of opening a new tunnel, in order to deter- 117 mine the tunnel endpoint. 119 3.3. Notes for Implementors 121 As proposed in this document, the Network Access Identifier is of the 122 form user@realm. Please note that while the user portion of the NAI 123 conforms to the BNF described in [5], and the realm conforms to the 124 BNF described in [4], the NAI need not be a valid e-mail address. 125 While the realm is typically a Fully Qualified Domain Name (FQDN), it 126 is not required that this be the case. As a result, use of an FQDN as 127 the realm does not imply use of DNS for location of the authentication 128 server or for authentication routing. 130 Since to date roaming has been implemented on a relatively small 131 scale, existing implementations handle location of authentication 132 servers within a domain and perform authentication routing based on 133 local knowledge expressed in proxy configuration files. The implemen- 134 tations described in [1] have not found a need for use of DNS for 135 location of the authentication server within a domain, although this 136 can be accomplished via use of the DNS SRV record, described in [6]. 137 Similarly, existing implementations have not found a need for dynamic 138 routing protocols, or propagation of global routing information. 140 Please note that NAS vendors may need to modify their devices so as to 141 support the NAI as described in this document. Devices handling NAIs 142 MUST support an NAI length of at least 72 octets. 144 4. Formal definition of the NAI 146 The grammar for the NAI is given below. The grammar for the username 147 is taken from [5], and the grammar for the realm is based on [4]. 149 ::= | "@" 151 ::= 153 ::=