rfcdiff: draft-ietf-dhc-options-uap-00.txt vs. draft-ietf-dhc-options-uap-01.txt
Changed passages are shown as paired -00 / -01 text; text common to both versions appears once.

-00:
Dynamic Host Configuration Working Group                    Steve Drach
INTERNET-DRAFT                                   Sun Microsystems, Inc.
August 1998
Expires February 1999

-01:
Network Working Group                                          S. Drach
INTERNET-DRAFT                                         Sun Microsystems
Obsoletes: draft-ietf-dhc-options-uap-00.txt             September 1998
Expires March 1999

DHCP Option for User Authentication Protocol
<draft-ietf-dhc-options-uap-00.txt> / <draft-ietf-dhc-options-uap-01.txt>
Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
[... unchanged lines omitted by rfcdiff (-00 page 1, line 31; -01 line 30) ...]
material or to cite them other than as "work in progress."

To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
Abstract

-00:
This document defines a DHCP [1] option that contains a pointer to a
User Authentication Protocol server that provides user authentication
services for clients that conform to The Open Group Network Computer
Technical Standard.

-01:
This document defines a DHCP [1] option that contains a list of
pointers to User Authentication Protocol servers that provide user
authentication services for clients that conform to The Open Group
Network Computing Client Technical Standard [2].
Introduction

-00:
The Open Group Network Computer Technical Standard, a product of The
Open Group's Network Computer Working Group (NCWG), defines a network
computer user authentication facility named the User Authentication
Protocol (UAP).

-01:
The Open Group Network Computing Client Technical Standard, a product
of The Open Group's Network Computing Working Group (NCWG), defines a
network computing client user authentication facility named the User
Authentication Protocol (UAP).

-00:
UAP provides two levels of authentication, basic and secure. Basic
authentication uses the Basic Authentication mechanism defined in the
HTTP 1.1 [2] specification. Secure authentication is simply basic
authentication encapsulated in an SSLv3 [3] session.

-01:
UAP provides two levels of authentication, basic and secure. Basic
authentication uses the Basic Authentication mechanism defined in the
HTTP 1.1 [3] specification. Secure authentication is simply basic
authentication encapsulated in an SSLv3 [4] session.

-00:
In both cases, a UAP client needs to obtain the IP address and port
of the UAP service. Additional path information may be required,
depending on the implementation of the service. A URL [4] is an
excellent mechanism for encapsulation of this information since many
UAP servers will be implemented as components within legacy HTTP/SSL
servers.

-01:
In both cases, a UAP client needs to obtain the IP address and port
of the UAP service. Additional path information may be required,
depending on the implementation of the service. A URL [5] is an
excellent mechanism for encapsulation of this information since many
UAP servers will be implemented as components within legacy HTTP/SSL
servers.

-00:
Most UAP clients have no local state and are configured when booted
through DHCP. No existing DHCP option [5] has a data field that
contains a URL. Option 72 contains a list of IP addresses for WWW
servers, but it is not adequate since a port and/or path can not be
specified. Hence there is a need for an option that contains a URL.

-01:
Most UAP clients have no local state and are configured when booted
through DHCP. No existing DHCP option [6] has a data field that
contains a URL. Option 72 contains a list of IP addresses for WWW
servers, but it is not adequate since a port and/or path can not be
specified. Hence there is a need for an option that contains a list
of URLs.
User Authentication Protocol Option

-00:
This option specifies a URL pointing to a user authentication service
that will process authentication requests encapsulated in the User
Authentication Protocol (UAP). UAP servers can accept either HTTP
1.1 or SSLv3 connections. If the URL does not contain a port
component, the normal default port is assumed (i.e., port 80 for http
and port 443 for https).

-01:
This option specifies a list of URLs, each pointing to a user
authentication service that is capable of processing authentication
requests encapsulated in the User Authentication Protocol (UAP). UAP
servers can accept either HTTP 1.1 or SSLv3 connections. If the list
includes a URL that does not contain a port component, the normal
default port is assumed (i.e., port 80 for http and port 443 for
https). If the list includes a URL that does not contain a path
component, the path /uap is assumed.

-00:
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Code      |    Length     |              URL
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Code      TBD
    Length    The length of the data field (i.e., URL) in bytes.
    URL       URL pointing to the UAP service.

-01:
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Code      |    Length     |            URL list
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Code      TBD
    Length    The length of the data field (i.e., URL list) in bytes.
    URL list  A list of one or more URLs separated by the ASCII
              space character (0x20).
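As an added illustration (not part of either draft), the following decoder and encoder implement the -01 option layout: one-octet code, one-octet length, and a space-separated URL list, with the draft's defaults of port 80/443 and path /uap applied to each URL. The option code is assumed here (the draft leaves it TBD), the sample URLs are constructed, and URLs with any scheme other than http or https are rejected since UAP servers only accept HTTP 1.1 or SSLv3 connections.

```python
from typing import List
from urllib.parse import urlsplit, urlunsplit

UAP_OPTION_CODE = 98  # assumption: placeholder value, the draft says "TBD"
DEFAULT_PORTS = {"http": 80, "https": 443}  # defaults named by the draft
DEFAULT_PATH = "/uap"  # default path introduced in -01


def normalize_uap_url(url: str) -> str:
    """Apply the draft's defaults: port 80/443 if absent, path /uap if absent."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        # UAP is HTTP 1.1 or SSLv3-wrapped HTTP only; anything else is rejected
        raise ValueError(f"unsupported scheme in UAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"UAP URL has no host: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    path = parts.path or DEFAULT_PATH
    return urlunsplit((parts.scheme, f"{parts.hostname}:{port}", path, parts.query, ""))


def parse_uap_option(option_bytes: bytes) -> List[str]:
    """Decode one Code/Length/URL-list option into normalized URLs."""
    if len(option_bytes) < 2:
        raise ValueError("option too short for code and length octets")
    code, length = option_bytes[0], option_bytes[1]
    if code != UAP_OPTION_CODE:
        raise ValueError(f"unexpected option code {code}")
    data = option_bytes[2:2 + length]
    if len(data) != length:
        raise ValueError("length field exceeds available data")
    # Separator is the ASCII space (0x20); the list must hold at least one URL
    urls = [u for u in data.decode("ascii").split(" ") if u]
    if not urls:
        raise ValueError("URL list is empty")
    return [normalize_uap_url(u) for u in urls]


def build_uap_option(urls: List[str]) -> bytes:
    """Encode a URL list; the one-octet length field caps the payload at 255."""
    payload = " ".join(urls).encode("ascii")
    if len(payload) > 255:
        raise ValueError("URL list exceeds one-octet length field")
    return bytes([UAP_OPTION_CODE, len(payload)]) + payload


# Constructed sample: one URL relying on both defaults, one fully specified
SAMPLE_OPTION = build_uap_option(
    ["https://auth.example.com", "http://auth2.example.com:8080/login"])
```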
References

-00:
[1] Droms, R., "Dynamic Host Configuration Protocol", RFC-2131,
    March 1997.
[2] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., and T.
    Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC-2068,
    January 1997.
[3] Freier, A., Karlton, P., and P. Kocher, "The SSL Protocol,
    Version 3.0", Internet Draft, November 1996.
[4] Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform
    Resource Locators (URL)", RFC-1738, December 1994.
[5] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
    Extensions", RFC-2132, March 1997.

-01 (numbered in the order cited by the -01 text):
[1] Droms, R., "Dynamic Host Configuration Protocol", RFC-2131,
    March 1997.
[2] Technical Standard: Network Computing Client, The Open Group,
    Document Number C801, October 1998.
[3] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., and T.
    Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC-2068,
    January 1997.
[4] Freier, A., Karlton, P., and P. Kocher, "The SSL Protocol,
    Version 3.0", Internet Draft, November 1996.
[5] Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform
    Resource Locators (URL)", RFC-1738, December 1994.
[6] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
    Extensions", RFC-2132, March 1997.
Security Considerations

DHCP currently provides no authentication or security mechanisms.
Potential exposures to attack are discussed in section 7 of the DHCP
protocol specification.

Author's Address
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/