draft-ietf-dime-rfc4005bis-10.txt   draft-ietf-dime-rfc4005bis-11.txt 
Network Working Group G. Zorn, Ed. Network Working Group G. Zorn, Ed.
Internet-Draft Network Zen Internet-Draft Network Zen
Obsoletes: 4005 (if approved) July 15, 2012 Obsoletes: 4005 (if approved) July 31, 2012
Intended status: Standards Track Intended status: Standards Track
Expires: January 16, 2013 Expires: February 1, 2013
Diameter Network Access Server Application Diameter Network Access Server Application
draft-ietf-dime-rfc4005bis-10 draft-ietf-dime-rfc4005bis-11
Abstract Abstract
This document describes the Diameter protocol application used for This document describes the Diameter protocol application used for
Authentication, Authorization, and Accounting (AAA) services in the Authentication, Authorization, and Accounting (AAA) services in the
Network Access Server (NAS) environment; it obsoletes RFC 4005. When Network Access Server (NAS) environment; it obsoletes RFC 4005. When
combined with the Diameter Base protocol, Transport Profile, and combined with the Diameter Base protocol, Transport Profile, and
Extensible Authentication Protocol specifications, this application Extensible Authentication Protocol specifications, this application
specification satisfies typical network access services requirements. specification satisfies typical network access services requirements.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 16, 2013. This Internet-Draft will expire on February 1, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 35 skipping to change at page 4, line 35
4.6.8. Acct-Delay-Time AVP . . . . . . . . . . . . . . . . . 53 4.6.8. Acct-Delay-Time AVP . . . . . . . . . . . . . . . . . 53
4.6.9. Acct-Link-Count AVP . . . . . . . . . . . . . . . . . 54 4.6.9. Acct-Link-Count AVP . . . . . . . . . . . . . . . . . 54
4.6.10. Acct-Tunnel-Connection AVP . . . . . . . . . . . . . . 54 4.6.10. Acct-Tunnel-Connection AVP . . . . . . . . . . . . . . 54
4.6.11. Acct-Tunnel-Packets-Lost AVP . . . . . . . . . . . . . 55 4.6.11. Acct-Tunnel-Packets-Lost AVP . . . . . . . . . . . . . 55
5. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 55 5. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 55
5.1. AA-Request/Answer AVP Table . . . . . . . . . . . . . . . 55 5.1. AA-Request/Answer AVP Table . . . . . . . . . . . . . . . 55
5.2. Accounting AVP Tables . . . . . . . . . . . . . . . . . . 58 5.2. Accounting AVP Tables . . . . . . . . . . . . . . . . . . 58
5.2.1. Framed Access Accounting AVP Table . . . . . . . . . . 59 5.2.1. Framed Access Accounting AVP Table . . . . . . . . . . 59
5.2.2. Non-Framed Access Accounting AVP Table . . . . . . . . 61 5.2.2. Non-Framed Access Accounting AVP Table . . . . . . . . 61
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 62 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 62
7. Security Considerations . . . . . . . . . . . . . . . . . . . 62 7. Security Considerations . . . . . . . . . . . . . . . . . . . 63
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 63 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 63
8.1. Normative References . . . . . . . . . . . . . . . . . . . 63 8.1. Normative References . . . . . . . . . . . . . . . . . . . 63
8.2. Informative References . . . . . . . . . . . . . . . . . . 64 8.2. Informative References . . . . . . . . . . . . . . . . . . 64
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 67 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 67
A.1. RFC 4005 . . . . . . . . . . . . . . . . . . . . . . . . . 67 A.1. RFC 4005 . . . . . . . . . . . . . . . . . . . . . . . . . 67
A.2. RFC 4005bis . . . . . . . . . . . . . . . . . . . . . . . 68 A.2. RFC 4005bis . . . . . . . . . . . . . . . . . . . . . . . 68
1. Introduction 1. Introduction
This document describes the Diameter protocol application used for This document describes the Diameter protocol application used for
skipping to change at page 11, line 20 skipping to change at page 11, line 20
| Re-Auth-Request | RAR | 258 | Section 3.3 | | Re-Auth-Request | RAR | 258 | Section 3.3 |
| Re-Auth-Answer | RAA | 258 | Section 3.4 | | Re-Auth-Answer | RAA | 258 | Section 3.4 |
| Session-Termination-Request | STR | 275 | Section 3.5 | | Session-Termination-Request | STR | 275 | Section 3.5 |
| Session-Termination-Answer | STA | 275 | Section 3.6 | | Session-Termination-Answer | STA | 275 | Section 3.6 |
| Abort-Session-Request | ASR | 274 | Section 3.7 | | Abort-Session-Request | ASR | 274 | Section 3.7 |
| Abort-Session-Answer | ASA | 274 | Section 3.8 | | Abort-Session-Answer | ASA | 274 | Section 3.8 |
| Accounting-Request | ACR | 271 | Section 3.9 | | Accounting-Request | ACR | 271 | Section 3.9 |
| Accounting-Answer | ACA | 271 | Section 3.10 | | Accounting-Answer | ACA | 271 | Section 3.10 |
+-----------------------------------+---------+------+--------------+ +-----------------------------------+---------+------+--------------+
Note that the message formats in the following sub-sections use the
standard Diameter Command Code Format ([I-D.ietf-dime-rfc3588bis],
Section 3.2).
3.1. AA-Request (AAR) Command 3.1. AA-Request (AAR) Command
The AA-Request (AAR), which is indicated by setting the Command-Code The AA-Request (AAR), which is indicated by setting the Command-Code
field to 265 and the 'R' bit in the Command Flags field, is used to field to 265 and the 'R' bit in the Command Flags field, is used to
request authentication and/or authorization for a given NAS user. request authentication and/or authorization for a given NAS user.
The type of request is identified through the Auth-Request-Type AVP The type of request is identified through the Auth-Request-Type AVP
[I-D.ietf-dime-rfc3588bis]. The recommended value for most [I-D.ietf-dime-rfc3588bis]. The recommended value for most
situations is AUTHORIZE_AUTHENTICATE. situations is AUTHORIZE_AUTHENTICATE.
If Authentication is requested, the User-Name attribute SHOULD be If Authentication is requested, the User-Name attribute SHOULD be
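Review bot: The note added ahead of Section 3.1 points to Section 3.2 of [I-D.ietf-dime-rfc3588bis] by section number, and the target is still an Internet-Draft. Recheck that number when the reference is resolved to its published form, or cite the section by title as well, so the pointer does not go stale if the base draft is renumbered.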
skipping to change at page 62, line 42 skipping to change at page 62, line 42
Several of the namespaces used in this document are managed by the Several of the namespaces used in this document are managed by the
Internet Assigned Numbers Authority [IANA], including the AVP Codes Internet Assigned Numbers Authority [IANA], including the AVP Codes
[AVP-Codes], AVP Specific Values [AVP-Vals], Application IDs [AVP-Codes], AVP Specific Values [AVP-Vals], Application IDs
[App-Ids], Command Codes [Command-Codes] and RADIUS Attribute Values [App-Ids], Command Codes [Command-Codes] and RADIUS Attribute Values
[RADIUSAttrVals]. [RADIUSAttrVals].
For the current values allocated, and the policies governing For the current values allocated, and the policies governing
allocation in those namespaces, please see the above-referenced allocation in those namespaces, please see the above-referenced
registries. registries.
IANA Note: Please change all the references in the registries listed
above that are currently pointing to RFC 4005 to point to this
document instead; please change the reference for for the value '1'
in the "Application IDs" sub-registry of the "Authentication,
Authorization, and Accounting (AAA) Parameters" registry to point to
this document, as well.
RFC Editor: Please remove both this note and the IANA note above
before publication.
7. Security Considerations 7. Security Considerations
This document describes the extension of Diameter for the NAS This document describes the extension of Diameter for the NAS
application. The security considerations of the Diameter protocol application. The security considerations of the Diameter protocol
itself are discussed in [I-D.ietf-dime-rfc3588bis]. Use of this itself are discussed in [I-D.ietf-dime-rfc3588bis]. Use of this
application of Diameter MUST take into consideration the security application of Diameter MUST take into consideration the security
issues and requirements of the Base protocol. issues and requirements of the Base protocol.
The use of the User-Password (Section 4.3.1) and Tunnel-Password The use of the User-Password (Section 4.3.1) and Tunnel-Password
(Section 4.5.6) AVPs is not safe in the absence of end-to-end (Section 4.5.6) AVPs is not safe in the absence of end-to-end
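Review bot: The added IANA Note contains a doubled word in "please change the reference for for the value '1'"; drop one "for". The RFC Editor note asks for both notes to be removed before publication, so the typo would not reach the published text, but IANA acts on the note as written and it should read cleanly. It would also help to state explicitly that value '1' is the NAS application's entry, since the note names the "Application IDs" sub-registry but not the application the value belongs to.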
 End of changes. 7 change blocks. 
5 lines changed or deleted 19 lines changed or added
