rfcdiff: draft-ietf-radext-chargeable-user-id-02.txt vs. draft-ietf-radext-chargeable-user-id-03.txt

Side-by-side diff. Text shown once is common to both drafts; where the drafts differ, the earlier text is marked [-02] and the later text [-03].

Network Working Group                                        F. Adrangi
Internet-Draft                                                    Intel
Expires: [-02] July 5, 2005 / [-03] September 2, 2005           A. Lior
                                                     Bridgewater Systems
                                                            J. Korhonen
                                                            Teliasonera
                                                            J. Loughney
                                                                  Nokia
                                     [-02] January 2005 / [-03] March 2005

                        Chargeable User Identity
   [-02] draft-ietf-radext-chargeable-user-id-02
   [-03] draft-ietf-radext-chargeable-user-id-03
Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 3 of RFC 3667.  By submitting this Internet-Draft, each
   author represents that any applicable patent or other IPR claims of
   which he or she is aware have been or will be disclosed, and any of
   which he or she become aware will be disclosed, in accordance with
   RFC 3668.

   [skipping to change at page 1, line 41 (-02) / line 40 (-03)]

   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   [-02] This Internet-Draft will expire on July 5, 2005.
   [-03] This Internet-Draft will expire on September 2, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes a new RADIUS attribute,
   Chargeable-User-Identity.  This attribute can be used by a home
   network to identify a user for the purpose of roaming transactions
   that occur outside of the home network.
Table of Contents

   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . .  3
   1.1  Motivation . . . . . . . . . . . . . . . . . . . . . . . .  4
   1.2  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  5
   2.   Operation  . . . . . . . . . . . . . . . . . . . . . . . .  5
   2.1  Chargeable-User-Identity (CUI) Attribute . . . . . . . . .  5
   2.2  CUI Attribute  . . . . . . . . . . . . . . . . . . . . . .  6   (listed in -02 only)
   3.   Attribute Table  . . . . . . . . . . . . . . . . . . . . .  7
   4.   Diameter Consideration . . . . . . . . . . . . . . . . . .  7
   5.   IANA Considerations  . . . . . . . . . . . . . . . . . . .  7
   5.1  CUI RADIUS Attribute . . . . . . . . . . . . . . . . . . .  7   (-02 only)
   5.2  Error-Cause Attribute  . . . . . . . . . . . . . . . . . .  8   (-02 only)
   6.   Security considerations  . . . . . . . . . . . . . . . . .  8 (-02) / 7 (-03)
   7.   Acknowledgements . . . . . . . . . . . . . . . . . . . . .  8
   8.   References . . . . . . . . . . . . . . . . . . . . . . . .  8
   8.1  Normative references . . . . . . . . . . . . . . . . . . .  8
   8.2  Informative references . . . . . . . . . . . . . . . . . .  9 (-02) / 8 (-03)
        Authors' Addresses . . . . . . . . . . . . . . . . . . . .  9
        Intellectual Property and Copyright Statements . . . . . . 11 (-02) / 10 (-03)
1.  Introduction

   Some authentication methods, including EAP-PEAP, EAP-TTLS, EAP-SIM
   and EAP-AKA, can hide the true identity of the user from RADIUS
   servers outside of the user's home network.  In these methods, the
   User-Name(1) attribute contains an anonymous identity (e.g.,
   @example.com) sufficient to route the RADIUS packets to the home
   network but otherwise insufficient to identify the user.  While this
   mechanism is good practice in some circumstances, there are problems

   [skipping to change at page 3, line 48]

   subscriber.

   When the home network assigns a value to the CUI, it asserts that
   this value represents a user in the home network.  The assertion
   should be temporary: long enough to be useful for the external
   applications, and not so long that it can be used to identify the
   user.

   [-02] Several organizations, including WISPr, GSMA, 3GPP, Wi-Fi
         Alliance, IRAP, have been studying mechanisms to provide roaming
         services, using RADIUS.  One missing element is a mechanism for
         providing the current deployments with the capacity to deploy,
         bill and oversee WPA networks against fraud.
   [-03] Several organizations, including WISPr, GSMA, 3GPP, Wi-Fi
         Alliance, IRAP, have been studying mechanisms to provide roaming
         services, using RADIUS.  Missing elements include mechanisms for
         billing and fraud prevention.

   [-02] The CUI attribute is intended to close operational loopholes in
         RADIUS specifications that have impacted roaming solutions
         negatively, especially when tunneled protocols with multiple
         identities, such as PEAP or TTLS, are used.  Use of the CUI is
         geared to multi-identity EAP authentications which are, for the
         most part, recent deployments.  A chargeable identity reflecting
         the user profile authenticated by the home network is needed in
         such roaming scenarios.
   [-03] The CUI attribute is intended to close operational loopholes in
         RADIUS specifications that have impacted roaming solutions
         negatively.  Use of the CUI is geared toward EAP methods
         supporting privacy (such as PEAP and EAP-TTLS), which are, for
         the most part, recent deployments.  A chargeable identity
         reflecting the user profile authenticated by the home network is
         needed in such roaming scenarios.
1.1  Motivation

   Some other mechanisms have been proposed in place of the CUI
   attribute.  These mechanisms are insufficient or cause other
   problems.  It has been suggested that standard RADIUS Class(25) or
   User-Name(1) attributes could be used to indicate the CUI.  However,
   in a complex global roaming environment where there could be one or
   more intermediaries between the NAS and the home RADIUS server, the
   use of the aforementioned attributes could lead to problems as
   described below.

   - On the use of RADIUS Class(25) attribute:

     [RFC2865] states: "This Attribute is available to be sent by the
     server to the client in an Access-Accept packet and SHOULD be sent
     unmodified by the client to the accounting server as part of the
     Accounting-Request packet if accounting is supported.  The client
     MUST NOT interpret the attribute locally."  So RADIUS clients or
     intermediaries MUST NOT interpret the Class(25) attribute, which
     precludes determining whether it contains a CUI.  Additionally,
     there could be multiple Class attributes in a RADIUS packet, and
     since the contents of the Class(25) attribute are not to be
     interpreted by clients, this makes it hard for entities outside the
     home network to determine which one contains the CUI.
     (-03 wording; -02 quotes "in an Access-Accept and SHOULD be sent",
     without "packet".)

   - On the use of RADIUS User-Name(1) attribute:

     The User-Name(1) attribute included in the Access-Request packet
     may be used for the purpose of routing the Access-Request packet,
     and in the process may be rewritten by intermediaries.  As a
     result, a RADIUS server receiving an Access-Request packet relayed
     by a proxy cannot assume that the User-Name(1) attribute remained
     unmodified.

     On the other hand, rewriting of a User-Name(1) attribute sent
     within an Access-Accept packet occurs more rarely, since a
     Proxy-State(33) attribute can be used to route the Access-Accept
     packet without parsing the User-Name(1) attribute.  As a result, a
     RADIUS server cannot assume that a proxy stripping routing
     information from a User-Name(1) attribute within an Access-Request
     packet will add this information to a User-Name(1) attribute
     included within an Access-Accept packet.  The result is that when
     a User-Name(1) attribute is sent in an Access-Accept packet it is
     possible that the Access-Request packet and Accounting-Request
     packets will follow different paths.  Where this outcome is
     undesirable, the RADIUS client should use the original
     User-Name(1) in accounting packets.  Therefore, another mechanism
     is required to convey a CUI within an Access-Accept packet to the
     RADIUS client, so that the CUI can be included in the accounting
     packets.
     (-03 wording; -02 is identical except that it omits "packet" after
     several occurrences of Access-Request and Access-Accept.)

   [-02] The CUI attribute provides a solution to the above problem and
         avoids overloading the use of current RADIUS attributes (e.g.,
         User-Name(1) re-write).  The CUI is the correct standards-based
         approach to fixing the problems which have arisen with
         multiple-identity RADIUS authorization and accounting methods.
         It does not solve all related problems, but does provide
         networks the ability to bill and oversee WPA networks against
         fraud.
   [-03] The CUI attribute provides a solution to the above problems and
         avoids overloading the RADIUS User-Name(1) attribute or changing
         the usage of the existing RADIUS Class(25) attribute.  The CUI
         therefore provides a standard approach to billing and fraud
         prevention when EAP methods supporting privacy are used.  It
         does not solve all related problems, but does provide for
         billing and fraud prevention.
1.2  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   3GPP - Third Generation Partnership Program
   AAA  - Authentication, Authorization and Accounting
   CUI  - Chargeable-User-Identity

   [skipping to change at page 6, line 9 (-02) / line 8 (-03)]
   representing a chargeable identity as defined and provided by the
   home network as supplemental or alternative information to
   User-Name(1).  Typically the CUI represents the identity of the
   actual user but it may also indicate other chargeable identities such
   as a group of users.  RADIUS clients (proxy or NAS) outside the home
   network MUST NOT modify the CUI attribute.

   The RADIUS server (a RADIUS proxy, home RADIUS server) may include
   the CUI attribute in the Access-Accept packet destined to a roaming
   partner.  The CUI support by RADIUS infrastructure is driven by the
   business requirements between roaming entities.
   [-02] Therefore whether a RADIUS server/proxy or client accepts or
         rejects the presence or lack of presence of the CUI attribute is
         a matter of business policy.
   [-03] Therefore a RADIUS server supporting this specification may not
         choose to send the CUI in response to an Access-Request packet
         from a given NAS, even if the NAS has indicated that it supports
         CUI.

   [-02] If an Access-Accept packet without the CUI attribute was received
         by a RADIUS client (NAS or Proxy) that requires the presence of
         the CUI attribute, then the Access-Accept packet MAY be treated
         as an Access-Reject packet based on local policies.
   [-03] If an Access-Accept packet without the CUI attribute was received
         by a RADIUS client that requested the CUI attribute, then the
         Access-Accept packet MAY be treated as an Access-Reject.

   [-02] If the CUI was included in the Access-Accept packet, a RADIUS
         client (Proxy or NAS) that supports the CUI attribute MUST ensure
         that the CUI attribute appears in the RADIUS Accounting-Request
         (Start, Interim, and Stop).
   [-03] If the CUI was included in an Access-Accept packet, RADIUS clients
         supporting the CUI attribute MUST ensure that the CUI attribute
         appears in the RADIUS Accounting-Request (Start, Interim, and
         Stop).

   RFC 2865 includes the following statements about behaviors of RADIUS
   client and server with respect to unsupported attributes:

   - "A RADIUS client MAY ignore Attributes with an unknown Type."

   - "A RADIUS server MAY ignore Attributes with an unknown Type."

   [-02] Therefore, a RADIUS client or server that does not support the
         CUI attribute MAY ignore this attribute.

         If a RADIUS client (Proxy or NAS) requires the presence of the
         CUI attribute in the Access-Accept, it MUST indicate its
         requirement by including the CUI attribute in the Access-Request
         packet with a value set to the nul character (hereafter, it is
         also referred to as a nul CUI).
   [-03] Therefore, RADIUS clients or servers that do not support the CUI
         may ignore the attribute.  A RADIUS client requesting the CUI
         attribute in an Access-Accept packet MUST include within the
         Access-Request packet a CUI attribute with a single NUL character
         (referred to as a nul CUI).

   If a home RADIUS server that supports the CUI attribute receives an
   Access-Request packet containing a CUI (set to nul or otherwise), it
   MUST include the CUI attribute in the Access-Accept packet.
   Otherwise, if the Access-Request packet does not contain a CUI, the
   home RADIUS server MUST NOT include the CUI attribute in the
   Access-Accept packet.
   (-03 wording; -02 is identical except that it omits "packet" after
   Access-Request and Access-Accept.)

   [-02] A RADIUS server (a RADIUS proxy or the home RADIUS server) that
         requires the presence of the CUI in the Accounting-Request
         packets (Start, Stop, Interims) MAY respond with an Access-Reject
         packet if it receives an Access-Request message from a RADIUS
         client that does not support the CUI attribute.  The
         Access-Reject packet MUST include the Error-Cause attribute
         [RFC3576] with value (to-be-defined) (decimal),
         "CUI-Support-Required".
   [-03] (the paragraph above is removed; the heading "2.2  CUI Attribute"
         appears at this point instead)

   A summary of the RADIUS CUI Attribute is given below.

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |  String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type: TBD for Chargeable-User-Identity.
   [skipping to change at page 7, line 36 (-02) / line 24 (-03)]

3.  Attribute Table

   The following table provides a guide to which attribute(s) may be
   found in which kinds of packets, and in what quantity.

   Request  Accept  Reject  Challenge  Accounting  #    Attribute
                                       Request
   0-1      0-1     0       0          0-1         TBD  Chargeable-User-identity

   [Note 1] If the Access-Accept packet contains CUI then the NAS MUST
   include the CUI in Accounting Requests (Start, Interim and Stop)
   packets.
   (-03 wording; -02 reads "If the Access-Accept contains CUI".)

4.  Diameter Consideration

   Diameter needs to define an identical attribute with the same Type
   value.  The CUI should be available as part of the NASREQ
   application.

5.  IANA Considerations

   [-02 only] 5.1  CUI RADIUS Attribute

   This document uses the RADIUS [RFC2865] namespace, see
   "http://www.iana.org/assignments/radius-types".  This document
   instructs IANA to assign a new RADIUS attribute number for the CUI
   attribute.

   CUI TBA

   [-02 only] 5.2  Error-Cause Attribute  (the whole subsection below is
   present in -02 only)

   This document instructs IANA to assign a new value for the Error-Cause
   attribute [RFC3576],

   "CUI-Support-Required" TBA
6.  Security considerations

   It is strongly recommended that the CUI format used is such that the
   real user identity is not revealed.  Furthermore, where a reference
   is used to a real user identity, the binding lifetime of that
   reference to the real user should be kept as short as possible.

   The RADIUS entities (RADIUS proxies and clients) outside the home
   network MUST NOT modify the CUI.  However, there is no way to detect
   or prevent this.

   [-02] If the NAS includes CUI in an Access-Request, a man in the
         middle may remove the CUI attribute from the Access-Request.
         The result is that the Access-Accept will not have a CUI, which
         will cause the NAS to reject the session, resulting in a DoS
         attack.  To prevent this attack, the NAS SHOULD include
         Message-Authenticator(80) in the Access-Request packets that
         contain a CUI.
   [-03] If the NAS includes CUI in an Access-Request packet, a
         man-in-the-middle may remove it.  This will cause the
         Access-Accept packet to not include a CUI attribute, which may
         cause the NAS to reject the session.  To prevent such a DoS
         attack, the NAS SHOULD include a Message-Authenticator(80)
         attribute within Access-Request packets containing a CUI
         attribute.
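The client and server rules of section 2.1 (nul CUI in the Access-Request, CUI echoed in the Access-Accept, CUI carried into accounting) and the Message-Authenticator(80) mitigation of section 6, as an added Python example. This is not code from the draft or from any RADIUS implementation. It assumes a placeholder attribute Type of 89 for the CUI (the draft leaves the Type TBD), a constructed shared secret, Request Authenticator and CUI token, and models the RADIUS packet layout of RFC 2865 and the HMAC-MD5 Message-Authenticator of RFC 2869. The `strip_attribute` helper only reproduces the removal that section 6 describes, so that the example can show the home server detecting it.

```python
import hashlib
import hmac
import struct

# RFC 2865 defines User-Name(1); RFC 2869 defines Message-Authenticator(80).
# The draft leaves the CUI Type TBD: 89 is an ASSUMED placeholder for this example.
USER_NAME_TYPE, MESSAGE_AUTHENTICATOR_TYPE, CUI_TYPE = 1, 80, 89
NUL_CUI = b"\x00"  # "nul CUI": a single NUL byte asks the home server for a CUI
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3


def encode_attr(atype, value):
    """Type | Length | String...; Length counts the two header bytes."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", atype, len(value) + 2) + value


def decode_attrs(data):
    """Parse an attribute list into [(type, value), ...] in wire order."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % pos)
        alen = data[pos + 1]
        attrs.append((data[pos], data[pos + 2:pos + alen]))
        pos += alen
    return attrs


def build_packet(code, ident, authenticator, attrs, secret=None):
    """Code | Identifier | Length | Authenticator(16) | Attributes.  With a secret,
    Message-Authenticator(80) = HMAC-MD5(secret, packet with its value zeroed)
    is appended as the last attribute, as RFC 2869 specifies."""
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    if secret is not None:
        body += encode_attr(MESSAGE_AUTHENTICATOR_TYPE, bytes(16))
    pkt = struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body
    if secret is not None:
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt


def verify_message_authenticator(pkt, secret):
    """True only if a Message-Authenticator is present and matches the packet as
    received; any attribute added or removed en route makes it fail."""
    offset = 20
    for atype, value in decode_attrs(pkt[20:]):
        if atype == MESSAGE_AUTHENTICATOR_TYPE:
            zeroed = pkt[:offset + 2] + bytes(16) + pkt[offset + 18:]
            return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)
        offset += 2 + len(value)
    return False


def home_server_respond(request_pkt, secret, assigned_cui):
    """Section 2.1: CUI in the Access-Accept iff the Access-Request carried one
    (nul or otherwise).  A request whose Message-Authenticator fails is rejected."""
    if not verify_message_authenticator(request_pkt, secret):
        return ACCESS_REJECT, []
    requested = any(t == CUI_TYPE for t, _ in decode_attrs(request_pkt[20:]))
    return ACCESS_ACCEPT, ([(CUI_TYPE, assigned_cui)] if requested else [])


def nas_handle_response(code, attrs, requested_cui):
    """NAS policy: an Access-Accept lacking the CUI it asked for MAY be treated
    as an Access-Reject; this example takes that option."""
    cuis = [v for t, v in attrs if t == CUI_TYPE]
    if code != ACCESS_ACCEPT or (requested_cui and not cuis):
        return "reject", None
    return "accept", (cuis[0] if cuis else None)


def accounting_attrs(user_name, cui):
    """Start/Interim/Stop Accounting-Requests must carry the CUI unmodified."""
    return [(USER_NAME_TYPE, user_name)] + ([(CUI_TYPE, cui)] if cui is not None else [])


def strip_attribute(pkt, atype):
    """Model the on-path removal section 6 describes: Length is recomputed, but
    the Message-Authenticator cannot be recomputed without the shared secret."""
    body = b"".join(encode_attr(t, v) for t, v in decode_attrs(pkt[20:]) if t != atype)
    return pkt[:2] + struct.pack("!H", 20 + len(body)) + pkt[4:20] + body


def run_exchange(tamper=False):
    """One NAS <-> home server round trip on constructed data; returns the NAS
    decision, the CUI it learned, and its accounting attributes (None on reject)."""
    secret = b"constructed-shared-secret"
    authenticator = bytes(range(16))  # constructed, fixed Request Authenticator
    request = build_packet(ACCESS_REQUEST, 7, authenticator,
                           [(USER_NAME_TYPE, b"@example.com"), (CUI_TYPE, NUL_CUI)], secret)
    if tamper:
        request = strip_attribute(request, CUI_TYPE)
    code, attrs = home_server_respond(request, secret, b"cui-token-0042")
    decision, cui = nas_handle_response(code, attrs, requested_cui=True)
    return decision, cui, (accounting_attrs(b"@example.com", cui) if decision == "accept" else None)


if __name__ == "__main__":
    print(run_exchange())             # untouched request: accepted, CUI flows into accounting
    print(run_exchange(tamper=True))  # CUI stripped in transit: HMAC fails, server rejects
```

With the Message-Authenticator present, a request that lost its nul CUI in transit is rejected by the home server on integrity grounds rather than answered with a CUI-less Access-Accept, which is the difference the draft's section 6 SHOULD is meant to make. Without the attribute the same exchange would reach `nas_handle_response` with an Access-Accept lacking a CUI, and the NAS would have no way to tell a stripped request from a home server that simply chose not to send one.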
7.  Acknowledgements

   The authors would like to thank Jari Arkko, Bernard Aboba, David
   Nelson, Barney Wolff, Blair Bullock, Sami Ala-Luukko, Lothar Reith,
   David Mariblanca, Eugene Chang, Greg Weber, and Mark Grayson, for
   their feedback and guidance.

8.  References

End of changes.

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/