Transcript PPT Version

LAN Attributes Extension
draft-adrangi-radius-attribute-extenstion-01.txt
IETF #60
Farid Adrangi, Avi Lior, Jouni Korhonen
1
User Identity Alias Attribute
• Problem Space
– The true identity of the subscriber can be hidden from
the NAS and RADIUS AAA proxies outside the
subscriber's home network (i.e., outer NAI identity =
anonymous@anyisp.com), which leads to the
following concerns:
• AAA proxies need to correlate an authentication session to a
user identity known only by the user’s home network.
Examples:
– For fraud detection and protection
– For revenue assurance
• NAS may need to match the user session and accounting
records to a user identity known to the user's home network.
Examples:
– For charging disputes
A unique identity known by the home network needs to be
conveyed to all parties involved in the roaming transaction
2
User Identity Alias Attribute
• Solution Space
– Can we use the existing attributes to solve the
problem?
• Class
– The content of class attribute is intended to be opaque; known
and interpreted by the home network
• UserName(1) Rewrite
– UserName(1) value could be rewritten by the intermediaries
– A subsequent accounting request may fail to route through the
intermediary exchanges because the home network has no
knowledge of the NAI decoration applied on the way in
– Proposed User Identity Alias Attribute
• Avoids overloading the original purpose of UserName (1)
• Eliminates the routing issues due to NAI decoration
3
User Identity Alias
Attribute Format:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |  String...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The User-Identity Alias types:
00 – reserved
01 – IMSI
02 – NAI
03 – E.164 number
04 – SIP URL (as defined in [13])
05 – Opaque string
Examples:
"02:[email protected]"
"03:+4689761234"
4
Generic RADIUS Application Capability Attribute
• Enable a home RADIUS server to discover
capabilities of a RADIUS client
• The capabilities indicate standard-based
applications (e.g., existing dynamic
authorization Extension to Remote [5],
future prepaid accounting model, etc.)
5
Generic RADIUS Application Capability Attribute
Attribute Format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |           Integer             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Integer             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Integer Value: CCCTSSSS (hexadecimal digits), where
– CCC is a 12-bit capability identifier
– T is a 4-bit indicator, used for extending the sub-capability space
– SSSS is a 16-bit sub-capability identifier
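As an added example (not code from the draft or its authors), the Python below builds and parses both attributes as the slides describe them: the User Identity Alias as Type/Length/String carrying "NN:value" (slide 4), and the Application Capability Integer split into its 12/4/16-bit CCC/T/SSSS fields (slide 6). The attribute Type numbers are placeholders, since the slides do not give them, and the decoders reject malformed Length, reserved alias types and out-of-range fields.

```python
import struct

# Placeholder Type numbers: the slides do not assign any, so these are assumed.
USER_IDENTITY_ALIAS_TYPE = 200
APP_CAPABILITY_TYPE = 201

# Alias type codes from slide 4 (00 is reserved and must not be sent).
ALIAS_TYPES = {0: "reserved", 1: "IMSI", 2: "NAI", 3: "E.164", 4: "SIP URL", 5: "opaque"}


def encode_alias(alias_type: int, value: str) -> bytes:
    """Type | Length | String, with String = "NN:value" (NN = two decimal digits)."""
    if alias_type not in ALIAS_TYPES or alias_type == 0:
        raise ValueError("unknown or reserved alias type")
    payload = f"{alias_type:02d}:{value}".encode("utf-8")
    length = 2 + len(payload)
    if length > 255:  # RADIUS Length is a single octet covering Type and Length
        raise ValueError("alias string too long for one attribute")
    return bytes([USER_IDENTITY_ALIAS_TYPE, length]) + payload


def decode_alias(attr: bytes):
    """Return (alias_type, value); Length must match the bytes actually present."""
    if len(attr) < 5 or attr[0] != USER_IDENTITY_ALIAS_TYPE or attr[1] != len(attr):
        raise ValueError("malformed User Identity Alias attribute")
    prefix, sep, value = attr[2:].decode("utf-8").partition(":")
    if sep != ":" or not prefix.isdigit():
        raise ValueError("missing NN: prefix")
    code = int(prefix)
    if code not in ALIAS_TYPES or code == 0:
        raise ValueError("unknown or reserved alias type")
    return code, value


def encode_capability(cap: int, ext: int, sub: int) -> bytes:
    """Pack CCC (12 bits) | T (4 bits) | SSSS (16 bits) into the 4-octet Integer."""
    if not (0 <= cap < 1 << 12 and 0 <= ext < 1 << 4 and 0 <= sub < 1 << 16):
        raise ValueError("capability field out of range")
    value = (cap << 20) | (ext << 16) | sub
    return struct.pack("!BBI", APP_CAPABILITY_TYPE, 6, value)  # Length is fixed at 6


def decode_capability(attr: bytes):
    """Return (CCC, T, SSSS) from a 6-octet capability attribute."""
    if len(attr) != 6:
        raise ValueError("capability attribute must be exactly 6 octets")
    typ, length, value = struct.unpack("!BBI", attr)
    if typ != APP_CAPABILITY_TYPE or length != 6:
        raise ValueError("malformed capability attribute")
    return value >> 20, (value >> 16) & 0xF, value & 0xFFFF
```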
6
IP Address Type Options Attribute
• Rationale
– Specify whether a routable (public) or non-routable
(private) IP address should be assigned to a client.
• Attribute
– Used by Access Network (in Access-Request) to
indicate what IP address type options (private vs.
public) are supported by an Access Network
– Used by a Home Network (in Access-Accept) to
specify what type of IP address (private, public) must
be assigned to the client.
7
More Attributes …
• Mobile IP Home Agent Address
– Enables a home network to dynamically specify a
Home Agent address to be used by the client
• VPLMN (i.e., visited network) Identity Name
– Enables the VPLMN AAA proxy to convey the VPLMN
identity name to the HPLMN (i.e., the home operator
network)
– Required by GSMA
– Diameter equivalent of this attribute exists
8
Next Steps/Plans
• How should we move forward with the draft?
9