Carrying Location Objects in RADIUS Presentation written by: Hannes Tschofenig, Allison Mankin Draft Authors: Hannes Tschofenig, F. Adrangi, A. Lior, M.

Presentation transcript:

Carrying Location Objects in RADIUS Presentation written by: Hannes Tschofenig, Allison Mankin Draft Authors: Hannes Tschofenig, F. Adrangi, A. Lior, M. Jones

Current Status

The recent draft update raised some discussion on the RADEXT mailing list because of the generic capability functionality. Ideally, the GEOPRIV scenarios should not depend on capability work in the RADEXT working group. The suggested approach for dealing with the problem is outlined in the subsequent slides.

Message flow (NAS, AAA Server):
  NAS -> AAA Server: Access-Request + Capability
  AAA Server -> NAS: Access-Challenge + Capability
  NAS -> AAA Server: Access-Request + Location-Information

Static Scenario

NAS and AAA have a prior agreement on the transmission of location information.

Message flow (MN, NAS, AAA Server):
  MN - NAS: Start Auth. Phase
  NAS -> AAA Server: RADIUS Access-Request + Location-Information

Dynamic Scenario for location-based authorization
Case A: NAS is Geopriv Capable

NAS understands Geopriv and can provide the requested information.

Message flow (MN, NAS, AAA Server):
  MN - NAS: Start Auth. Phase
  NAS -> AAA Server: RADIUS Access-Request + Supported-Loc
  AAA Server -> NAS: Access-Challenge + Required-Info
  NAS -> AAA Server: Access-Request + Location-Information
  AAA Server -> NAS: Access-Accept

Dynamic Scenario for location-based authorization
Case B: NAS cannot deliver requested info

NAS understands Geopriv but does not provide what AAA server wants.

Message flow (MN, NAS, AAA Server):
  MN - NAS: Start Auth. Phase
  NAS -> AAA Server: RADIUS Access-Request + Supported-Loc
  AAA Server -> NAS: Access-Reject + Error-Cause (Location-Info-Required)

Dynamic Scenario for location-based authorization
Case C: NAS does not support Challenge

NAS does not understand Challenge -> Resend Access-Request without asking the user for the password again.

Messages shown (MN, NAS, AAA Server):
  MN - NAS: Start Auth. Phase
  RADIUS Access-Request + Supported-Loc
  Access-Challenge + Required-Info
  Access-Request + Location-Information
  Access-Reject
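
The three dynamic cases above as a runnable model; this is an added example, not part of the presentation or the draft. Attributes are modelled as plain Python values, the location type names ("civic", "geospatial") and sample data are constructed, and Case C is modelled with the RFC 2865 rule that a NAS without challenge support treats an Access-Challenge as an Access-Reject.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Nas:
    """Hypothetical NAS model; the location type names used are constructed."""
    supported_loc: frozenset          # advertised in Supported-Loc
    handles_challenge: bool = True    # False models Case C

def aaa_decide(request, required):
    """AAA server policy: return (code, attributes) for one Access-Request."""
    if required <= set(request.get("Location-Information", {})):
        return "Access-Accept", {}
    if not required <= set(request["Supported-Loc"]):
        # Case B: the NAS cannot deliver what the server wants.
        return "Access-Reject", {"Error-Cause": "Location-Info-Required"}
    return "Access-Challenge", {"Required-Info": sorted(required)}

def run_exchange(nas, required, location):
    """Return (outcome, trace); trace lists (sender, code, attributes)."""
    request = {"Supported-Loc": sorted(nas.supported_loc)}
    trace = [("NAS", "Access-Request", request)]
    code, attrs = aaa_decide(request, required)
    trace.append(("AAA", code, attrs))
    if code != "Access-Challenge":
        return code, trace
    if not nas.handles_challenge:
        # Case C: the NAS treats the challenge as a reject (assumed model).
        return "Access-Reject", trace
    # Case A: resend with the requested data, without a new password prompt.
    info = {t: location[t] for t in attrs["Required-Info"]}
    request = {**request, "Location-Information": info}
    trace.append(("NAS", "Access-Request", request))
    code, attrs = aaa_decide(request, required)
    trace.append(("AAA", code, attrs))
    return code, trace

# Constructed sample location data, not taken from the slides.
LOCATION = {"civic": "constructed civic address",
            "geospatial": "constructed coordinates"}

if __name__ == "__main__":
    cases = [("A", Nas(frozenset({"civic", "geospatial"}))),
             ("B", Nas(frozenset({"geospatial"}))),
             ("C", Nas(frozenset({"civic"}), handles_challenge=False))]
    for name, nas in cases:
        outcome, trace = run_exchange(nas, {"civic"}, LOCATION)
        print(f"Case {name}: {outcome}")
        for sender, code, attrs in trace:
            print(f"  {sender}: {code} {attrs}")
```
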

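Dynamic Scenario
Location for Billing, Taxation and Accounting

NAS might provide location information.

Message flow (MN, NAS, AAA Server):
  MN - NAS: Start Auth. Phase
  NAS -> AAA Server: Access-Request + Supported-Loc
  AAA Server -> NAS: Access-Challenge
  NAS -> AAA Server: Access-Request
  AAA Server -> NAS: Access-Accept + Required-Info
  NAS -> AAA Server: Accounting-Request Location-Information
  AAA Server -> NAS: Accounting-Response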

Impact for Scenarios

The 3GPP Rel-6 I-WLAN deployment scenario requires Challenge to be supported by the NAS since EAP is used.

GSMA IR.61 WLAN roaming scenario does not mandate the support for a Challenge but mandates the transport of certain location attributes.

Questions?