Presentation is loading. Please wait.

Presentation is loading. Please wait.

Support of fragmentation of RADIUS packets in authorization exchanges draft-perez-radext-radius-fragmentation IETF87 – RADEXT Diego R. Lopez - Telefónica.

Published byMerryl Hopkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Support of fragmentation of RADIUS packets in authorization exchanges draft-perez-radext-radius-fragmentation IETF87 – RADEXT Diego R. Lopez - Telefónica."— Presentation transcript:

1 Support of fragmentation of RADIUS packets in authorization exchanges draft-perez-radext-radius-fragmentation IETF87 – RADEXT Diego R. Lopez - Telefónica (diego@tid.es)diego@tid.es

2 Status -06 submitted for WG adoption Comments received during -05 WG adoption discussions – Comments to the fragmentation mechanism description – Clearer discussion on the addressed use cases and alternatives in the introduction – Satisfy ABFAB requirements on supporting chunked data transfer prior to the authentication flow New introductory sections emphasizing the scope of the document – The introduction itself – A new section (2, “Scope of this document”) delimiting the scenarios where the document is intended to be applied Focused on authorization exchanges – Considering a title and filename change – Along with adoption – “Support of fragmentation of RADIUS packets in authorization exchanges” – …-radext-radius-authz-fragment

3 WG Adoption Comments received addressed in -06 – Including a solution acceptable to ABFAB on pre- authentication exchanges – And a clearer scoping So here we go again

4 AuthN and AuthZ A RADIUS conversation is decomposed in three phases: 1.RADIUS pre-authorization (like a SAML request expressing a required LoA) 2.RADIUS authentication (like standard RADIUS-EAP) 3.RADIUS post-authorization (like a SAML response) Phases are bound through *references* (e.g. State attribute). Phase (1) finishes with a token which is used in the Access- Request for phase (2). Phase (2) finishes with a token in the Access-Accept, which provides a link to phase (3). Fragmentation is supported in phases 1 and 3 – Phase 2 is unaltered Fragmentation is based on Access-Request / Access-Accept rounds

5 Implementation Goals Implement draft-perez-radext-radius- fragmentation – Serve as a proof of feasibility – Provide on-the-wire feedback for the specification Proof of concept – Intended for validating the fragmentation mechanism Work through out-of-the-box FreeRadius proxies – No need of RADIUS fragmentation support on existing/deployed proxies Open source – Source code contributed to FreeRADIUS available

6 Implementation Details Based on FreeRadius 2.1.12 – Client based on FreeRadius radeapclient Currently implements -04 – Will be updated accordingly once consensus is reached https://libra.inf.um.es/~alex/freeradius-server- 2.1.12-fragmentation-support.tar.gz https://libra.inf.um.es/~alex/fragmentation- support-2.1.12.diff

Download ppt "Support of fragmentation of RADIUS packets in authorization exchanges draft-perez-radext-radius-fragmentation IETF87 – RADEXT Diego R. Lopez - Telefónica."

Similar presentations

VARTAN – Validation Reporting Templates Jürgen Teutsch, NLR CAATS Workshop, 16-Feb-2006, Lanzarote.

VARTAN – Validation Reporting Templates Jürgen Teutsch, NLR CAATS Workshop, 16-Feb-2006, Lanzarote.
Design by Contract.

Design by Contract.
Doc.: IEEE 802.11-10/1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.

Doc.: IEEE /1125r0 Submission September 2010 Marc Emmelmann, Fraunhofer FOKUSSlide 1 How does the (new) Fast Initial Link Set- Up PAR address.
Configuration Management

Configuration Management
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.

1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.
MPTCP – Multipath TCP WG Meeting Honolulu, IETF-91, 14th Nov 2014 Philip Eardley Yoshifumi Nishida 1.

MPTCP – Multipath TCP WG Meeting Honolulu, IETF-91, 14th Nov 2014 Philip Eardley Yoshifumi Nishida 1.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman

ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.
OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.

OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.
A Framework for Management and Control of Optical Interfaces supporting G.698.2 draft-kunze-g-698-2-management-control-framework-02 March 2012 83rd IETF.

A Framework for Management and Control of Optical Interfaces supporting G draft-kunze-g management-control-framework-02 March rd IETF.
Authorization architecture sketches draft-selander-core-access-control-02 draft-gerdes-core-dcaf-authorize-02 draft-seitz-ace-design-considerations-00.

Authorization architecture sketches draft-selander-core-access-control-02 draft-gerdes-core-dcaf-authorize-02 draft-seitz-ace-design-considerations-00.
Draft-ietf-abfab-aaa-saml Josh Howlett, JANET IETF 82.

Draft-ietf-abfab-aaa-saml Josh Howlett, JANET IETF 82.
Functional Model Workstream 1: Functional Element Development.

Functional Model Workstream 1: Functional Element Development.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,
MPTCP – Multipath TCP WG Meeting Toronto, IETF-90, 21 st July 2014 Philip Eardley Yoshifumi Nishida 1.

MPTCP – Multipath TCP WG Meeting Toronto, IETF-90, 21 st July 2014 Philip Eardley Yoshifumi Nishida 1.
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

Similar presentations

Ads by Google