draft-ietf-radext-extended-attributes-02.txt   draft-ietf-radext-extended-attributes-03.txt 
Network Working Group Y. Li Network Working Group Y. Li
Internet-Draft A. Lior Internet-Draft A. Lior
Intended status: Standards Track BWS Intended status: Standards Track BWS
Expires: September 16, 2008 G. Zorn Expires: September 16, 2008 G. Zorn
Aruba Networks Aruba Networks
March 15, 2008 March 15, 2008
Extended Remote Authentication Dial In User Service (RADIUS) Attributes Extended Remote Authentication Dial In User Service (RADIUS) Attributes
draft-ietf-radext-extended-attributes-02.txt draft-ietf-radext-extended-attributes-03.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 5, line 33 skipping to change at page 5, line 33
o The final octet of the header contains the More flag and Tag o The final octet of the header contains the More flag and Tag
field. If the one bit More flag is set (1) this indicates that field. If the one bit More flag is set (1) this indicates that
the encapsulated TLV is continued in the following Extended the encapsulated TLV is continued in the following Extended
Attribute; if the More flag is clear (0) then all of the Attribute; if the More flag is clear (0) then all of the
encapsulated TLVs fit into the current Extended Attribute. The encapsulated TLVs fit into the current Extended Attribute. The
More flag MUST NOT be set if the Extended Attribute contains more More flag MUST NOT be set if the Extended Attribute contains more
than one TLV. The Tag field is used to combine sets of related than one TLV. The Tag field is used to combine sets of related
Extended Attributes into simple groups. Extended Attributes into simple groups.
o The Data fields is an abstract container for TLVs; the Data field o The Data field is an abstract container for TLVs; the Data field
MUST contain at least one TLV. MUST contain at least one TLV.
TLVs are encoded as follows: TLVs are encoded as follows:
o The first octet is the Ext-Type field o The first octet is the Ext-Type field
o The next octet is the Ext-Length field, representing of the entire o The next octet is the Ext-Length field, representing of the entire
TLV, including the length of the Ext-Type field (1 octet), the TLV, including the length of the Ext-Type field (1 octet), the
length of the Ext-Length field itself (1 octet) and the length of length of the Ext-Length field itself (1 octet) and the length of
the Value field (1 or more octets) the Value field (1 or more octets)
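Review bot: in the TLV encoding list, the Ext-Length bullet still reads "representing of the entire TLV" in -03; the words "the length" are missing after "representing", and this revision corrected the neighbouring Data field bullet without fixing it. The same list defines Ext-Type as "the first octet", which limits it to 0 through 255, yet the examples in -03 assign Ext-Type values of 257, 259, 271 and 290. Either widen the field in this list or choose example values that fit in one octet.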
skipping to change at page 7, line 28 skipping to change at page 7, line 28
>= 4. The length of the Extended Attribute, including the Ext- >= 4. The length of the Extended Attribute, including the Ext-
Type, Ext-Length and Value fields. Type, Ext-Length and Value fields.
Value Value
One or more octets. One or more octets.
6. Examples 6. Examples
Consider an attribute called Foo of type String. Foo is allocated an Consider an attribute called Foo of type String. Foo has been
Extended-Type by IANA of 10. The following figure shows the encoding allocated an Extended-Type 0f 257 by IANA. The following figure
of Foo(0,4) = "Hello": shows the encoding of Foo(0,4) = "Hello":
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | Type (26) | Length | Vendor-Id
| | (7 + 7 = 14) | (0) | | (7 + 7 = 14) | (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Id (cont) |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type |
|0| (0) | (257) | |0| (0) | (257) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
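Review bot: the rewritten sentence contains a typo, "Extended-Type 0f 257" (digit zero in place of the letter "o"); it should read "of 257". The value also does not fit the figure below it: Ext-Type is drawn as an 8-bit column after the M and Tag bits, and 257 needs nine bits. In the unchanged context above, the length is given as ">= 4" while counting Ext-Type, Ext-Length and a Value of "one or more octets"; if Ext-Type is one octet the minimum is 3, so the field widths should be stated once and used consistently in the text and the figures.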
skipping to change at page 8, line 18 skipping to change at page 8, line 18
Attribute (Foo(0,6) = "Hello W"), while Figure 3 shows how the second Attribute (Foo(0,6) = "Hello W"), while Figure 3 shows how the second
attribute (Foo(246,250) = "e end.") is encoded. attribute (Foo(246,250) = "e end.") is encoded.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | Type (26) | Length | Vendor-Id
| |(7 + 248 = 255)| (0) | |(7 + 248 = 255)| (0)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Id (cont) |M| Tag | Ext-Type | Vendor-Id (cont) |M| Tag | Ext-Type |
|1| (0) | (256) | |1| (0) | (257) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | | Ext-Length | Value | | |
|(2 + 246 = 248)| (H) | (e) | (l) | |(2 + 246 = 248)| (H) | (e) | (l) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | | | | | | |
| (l) | (o) | ( ) | (W) | | (l) | (o) | ( ) | (W) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... ...
Figure 2 Figure 2
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id |
| | (7 + 8 = 15) | (0) | | | (7 + 8 = 15) | (0) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Id |M| Tag | Ext-Type | Vendor-Id |M| Tag | Ext-Type |
(0) |0| (0) | (256) | (0) |0| (0) | (257) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | Ext-Length | Value | |
| (2 + 6 = 8) | (e) | ( ) | (e) | (2 + 6 = 8) | (e) | ( ) | (e)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | | | | |
| (n) | (d) | (.) | | (n) | (d) | (.) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3 Figure 3
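Review bot: the context sentence introducing Figure 3 gives the second fragment as Foo(246,250) = "e end.", which is six octets against a range of five positions; Figure 3's Ext-Length of (2 + 6 = 8) confirms six octets, so the range should be Foo(246,251) if the pair is an inclusive octet range as in Foo(0,4) = "Hello". In the -03 rendering of Figure 3, the Ext-Length/Value rows also lost their closing "|" while the Vendor-Id rows gained one; check that the box edges are consistent across the figure.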
skipping to change at page 9, line 19 skipping to change at page 9, line 19
o encapsulation of more than one TLV in a single Extended Attribute o encapsulation of more than one TLV in a single Extended Attribute
Consider the following structure: Consider the following structure:
struct struct
Integer a; Integer a;
String b; String b;
Integer c; Integer c;
endStruct endStruct
Element a is assigned an Extended Type of 20. Element b is assigned Element a is assigned an Extended Type of 290. Element b is assigned
an Extended Type of 25 and element c is assigned an Extended Type of an Extended Type of 259 and element c is assigned an Extended Type of
27. The following figure illustrates the coding where a(0,20) = 271. The following figure illustrates the coding where a(0,20) =
0xDEADDEAD, b(0,1) = "He", b(243,250) = "The end." and is of length 0xDEADDEAD, b(0,1) = "He", b(243,250) = "The end." and is of length
251 octets; and c(0,27) = 0x12345678. The attributes are grouped 251 octets; and c(0,27) = 0x12345678. The attributes are grouped
together with TAG=42. For the sake of brevity, the value of b(3,241) together with TAG=42. For the sake of brevity, the value of b(3,241)
is omitted. is omitted.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id |
| | (7 + 6 = 13) | (0) | | | (7 + 6 = 13) | (0) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id |M| Tag | Ext-Type | | Vendor-Id |M| Tag | Ext-Type |
| (0) |0| (42) | (20) | | (0) |0| (42) | (290) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | | Ext-Length | Value | | |
| (2 + 4 = 6) | (0xDE) | (0xAD) | (0xDE) | | (2 + 4 = 6) | (0xDE) | (0xAD) | (0xDE) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| (0xAD) | | (0xAD) |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id |
| |(7 + 248 = 255)| (0) | | |(7 + 248 = 255)| (0) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id |M| Tag | Ext-Type | | Vendor-Id |M| Tag | Ext-Type |
| (0) |1| (42) | (25) | | (0) |1| (42) | (259) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | Ext-Length | Value | |
|(2 + 246 = 248)| (H) | (e) | |(2 + 246 = 248)| (H) | (e) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... ...
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (26) | Length | Vendor-Id | | Type (26) | Length | Vendor-Id |
| | (7+7+6=20) | (0) | | | (7+7+6=20) | (0) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id |M| Tag | Ext-Type | | Vendor-Id |M| Tag | Ext-Type |
| (0) |0| (42) | (25) | | (0) |0| (42) | (259) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ext-Length | Value | | | | Ext-Length | Value | | |
| (2 + 5 = 7) | ( ) | (e) | (n) | | (2 + 5 = 7) | ( ) | (e) | (n) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | Ext-Type | Ext-Length | | | | Ext-Type | Ext-Length |
| (d) | (.) | (27) | (2 + 4 = 6) | | (d) | (.) | (271) | (2 + 4 = 6) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value | | | | | Value | | | |
| (0x12) | (0x34) | (0x56) | (0x78) | | (0x12) | (0x34) | (0x56) | (0x78) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4 Figure 4
7. Security Considerations 7. Security Considerations
TBD TBD
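Review bot: the paragraph that renumbers the elements to 290, 259 and 271 still writes a(0,20) and c(0,27), which look like the old Extended Types 20 and 27. Update them, or state what the pair in parentheses means, since Foo(0,4) and b(243,250) use it as an octet range. The new values 290, 259 and 271 also exceed what the 8-bit Ext-Type column in Figure 4 can carry. Section 7 is still "TBD" in this revision; given the nested Length and Ext-Length fields and the More-flag continuation shown in these figures, it should at least state how a receiver treats an Ext-Length that disagrees with the enclosing Length and a fragment sequence that never completes.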
skipping to change at page 11, line 24 skipping to change at page 11, line 24
It also requires that IANA set up a new registry for the RADIUS It also requires that IANA set up a new registry for the RADIUS
Extended Attribute Types. Extended Attribute Types.
9. Open Issues 9. Open Issues
What is the numbering scheme for attributes that will be used by RFC What is the numbering scheme for attributes that will be used by RFC
writers going forward? For example today we write user-name(1). writers going forward? For example today we write user-name(1).
Going forward, will we write foo-bar(0,1)? Going forward, will we write foo-bar(0,1)?
What is the numbering plan for these attributes? What range should What is the numbering plan for these attributes? What (if any) range
be reserved? should be reserved? What should the IANA policy for allocation new
Vendor-Ids to the IETF?
It seems like RFC 4005 covers most of the question regarding Diameter
compatibility, but a few questions remain. For example, should we
require that the 'M' bit be set or not?
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)", "Remote Authentication Dial In User Service (RADIUS)",
 End of changes. 11 change blocks. 
16 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/