Diameter ABFAB Application

Slides:



Advertisements
Similar presentations
802.1AF - directions define requirements to find and create connections in terms of Discovery - Authentication - Enable 1.Discover of what can be done.
Advertisements

EAP-Only Authentication in IKEv2 draft-eronen-ipsec-ikev2-eap-auth
LoST draft-ietf-ecrit-lost-02 ECRIT Working Group IETF 67 7 November 2006 Andrew Newton Henning Schulzrinne Hannes Tschofenig Ted Hardie.
August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.
IETF 58 PANA WG PANA Update and Open Issues (draft-ietf-pana-pana-02.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
12/05/2007IETF70 PANA WG1 PANA Network Selection draft-ohba-pana-netsel-00.txt Yoshihiro Ohba.
Draft-ietf-abfab-aaa-saml Josh Howlett, JANET IETF 82.
IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.
EAP Bluetooth Extension Draft-kim-eap-bluetooth-00 Hahnsang Kim (INRIA), Hossam Afifi (INT), Masato Hayashi (Hitachi)
7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
DIME Rechartering Hannes Tschofenig & Dave Frascone.
(Preliminary) Gap Analysis Hannes Tschofenig. Goal of this Presentation The IETF has developed a number of security technologies that are applicable to.
Diameter Group Signaling Tuesday, July 31 st, 2012 draft-ietf-diameter-group-signaling-00 Mark Jones, Marco Liebsch IETF 84 Vancouver, Canada.
Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.
IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.
SIP Digest Access Authentication Rifaat Shekh-Yusef IETF 89, SIPCore WG, London March 6, Rifaat Shekh-Yusef - SIP Digest Auth.
SAML in Authorization Policies draft-guenther-geopriv-saml-policy-01.
1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.
EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
Support of fragmentation of RADIUS packets in authorization exchanges draft-perez-radext-radius-fragmentation IETF87 – RADEXT Diego R. Lopez - Telefónica.
SAML for SIP Hannes Tschofenig, Jon Peterson, James Polk, Douglas Sicker, Marcus Tegnander.
Using SAML for SIP H. Tschofenig, J. Peterson, J. Polk, D. Sicker, M. Tegnander.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
IETF66 DIME WG John Loughney, Hannes Tschofenig and Victor Fajardo 3588-bis: Current Issues.
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
IETF 57 PANA WG PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.
Nov. 9, 2004IETF61 PANA WG PANA Specification Last Call Issues Yoshihiro Ohba, Alper Yegin, Basavaraj Patil, D. Forsberg, Hannes Tschofenig.
Diameter Group Signaling Thursday, August 02 nd, 2013 draft-ietf-diameter-group-signaling-01 Mark Jones, Marco Liebsch, Lionel Morand IETF 87 Berlin, Germany.
Diameter Group Signaling draft-jones-diameter-group-signaling-00 Mark Jones Taipei, Taiwan November 2011.
Diameter SIP Application
Diameter Mobile IPv6: HA-to-AAAH support draft-ietf-dime-mip6-split-01.txt Julien Bournelle (Ed.) Gerardo Giaretta Hannes Tschofenig Madjid Nakhjiri.
Diameter Group Signaling Thursday, March 6 th, 2014 draft-ietf-diameter-group-signaling-03 Mark Jones, Marco Liebsch, Lionel Morand IETF 89 London, U.K.
Current Topic – EPP - TWNIC Jeff Yeh
DIME WG IETF 84 Diameter Design Guidelines draft-ietf-dime-app-design-guide-15 Tuesday, July 31, 2012 Lionel Morand.
TEE: TLS Authentication Using EAP draft-nir-tls-eap-02.txt Yoav Nir Yaron Sheffer (presenter) Hannes Tschofenig Peter Gutmann IETF-70, Vancouver, Dec.
1 Extensible Authentication Protocol (EAP) Working Group IETF-57.
IETF 58 PANA WG PANA Implementation Report Hannes Tschofenig Marcus Tegnander Srinath Thiruvengadam.
MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.
IETF68 DIME WG Diameter Applications Design Guidelines Document (draft-fajardo-dime-app-design-guide-00.txt)
Diameter General Purpose Session draft-liebsch-dime-diameter-gps-01.txt M. Liebsch, G. Punz IETF79, Beijing Diameter Extensions (DIME) WG 11 th November.
DIME Virtual Interim Meeting 19th February, 8PM PST Dave Frascone Hannes Tschofenig.
Web Authorization Protocol WG Hannes Tschofenig, Derek Atkins.
Pre-authentication Problem Statement (draft-ohba-hokeyp-preauth-ps-00
Informing AAA about what lower layer protocol is carrying EAP
Open issues with PANA Protocol
RADEXT WG RADIUS Attributes for WLAN Draft-aboba-radext-wlan-00.txt
IETF Provisioning of Symmetric Keys (keyprov) WG Update
RADEXT WG RADIUS Attribute Guidelines
PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)
OGSA-WG Basic Profile Session #1 Security
Phil Hunt, Hannes Tschofenig
and answer command CCF Friday, April 5th 2016
Diameter NASreq (RFC 4005) and RADIUS Compatibility
Session Recording (SIPREC) Protocol (draft-ietf-siprec-protocol-11)
PANA Issues and Resolutions
draft-ietf-dime-erp-02
Carrying Location Objects in RADIUS
Chairs: Derek Atkins and Hannes Tschofenig
IETF80, Prague Diameter Maintenance and Extensions (DIME) WG
ERP extension for EAP Early-authentication Protocol (EEP)
Agenda OAuth WG IETF 87 July, 2013.
PANA Implementation in Open Diameter
3GPP and SIP-AAA requirements
Audio/Video Transport Payloads Working Group
Scott Bradner & Martin Thomson
Presentation transcript:

Diameter ABFAB Application Thursday, March 31, 2011 draft-jones-diameter-abfab Mark Jones Hannes Tschofenig IETF 80 Prague, Czech Republic

I-D in a nutshell Specifies a new Diameter application that extends the Diameter EAP application with new AVPs. +------------+ |Command-Code| |-----+------+ AVP Name | DER | DEA | -------------------------------|-----+------+ SAML-Assertion | 0 | 1 | SAML-AuthnRequest | 1 | 0 | SAML-AuthnResponse | 0 | 1 | +-----+------+ Diameter server may maintain state or may be stateless (indicated by the Auth-Session-State AVP) Diameter client MUST support the Authorization Session State Machine defined in RFC3588.

DER command New SAML-AuthnRequest AVP: UTF8String encoded SAML AuthnRequest message. Only included in the first DER message sent by the Diameter client. SAML Authorization happens immediately after the EAP authentication procedure has been completed. Auth-Request-Type AVP MUST be set to the value AUTHORIZE_AUTHENTICATE.

DEA command Contains one of two new AVPs which are included in the final DEA command of the EAP exchanges. SAML-AuthnResponse AVP: UTF8String encoded SAML AuthnResponse message. SAML-Assertion AVP: UTF8String encoded SAML assertion.

Next Steps Open issues: Adopt as ABFAB WG document? Multiple assertion AVPs per response? Encrypt XML payloads? Allow Authorize-Only exchanges post-authentication to retrieve more SAML attributes? Lots more to study but hey, it is -00.  Adopt as ABFAB WG document?

Feedback? RFCs for dummies

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.