1. RADIUS Prepaid Extension draft-lior-radius-prepaid-extensions-05.txt Avi Lior, Yong Li, Bridgewater Systems Parviz Yegani, Cisco Systems Kuntal Chowdhury Nortel Networks

2. Requirements Provide support for Prepaid User. –Quota management –Usage metering –Session control Support Prepaid business models. –Time based, Volume based, “Token” based (unit less) –Simple rating and complex rating –Session based and single event based.

3. Key Features Quota based. –Quotas are initially exchanged in Access- Request/Accept; and are refreshed in Authorize-Only exchanges. Use RADIUS accounting messages only to record what has happened for audit and billing purposes.

4. What is New Simplified the Architecture model (draft 4) Added support for Multi-Services (draft 5) –Functionally aligned with Diameter CC. Cleanup and incorporation of comments received on list and privately. –Joel Halpern –Mark Grayson –Nagi Reddy Jonnala –Mike Santoro –Farid Adrangi –Damien Galand –Lothar Reith –Stefaan.de Cnodder

5. Prepaid Architecture RADIUS Client RADIUS Server Prepaid Client Prepaid Server RADIUS User Device Router/ Gateway Internet Prepaid attributes carried by RADIUS NAS

6. Multi-Services Main service or “Access Service” –This is what we traditionally authenticate and authorize. Operators what to differentiate between IP-flows –Some flows are more valuable. –Some flows are metered differently. –Some flows have different QoS. Additional flows only require authorization only.

7. Prepaid for Multi-Services Service defined by a Service-ID (string) –A Service can be an IP-Flow defined by IP-tuples. –“Access Service” is the default or initial service. 3GPP2 it corresponds to the Main-Service-Instance. Quota allocated –To one Service at a time; or –A group of Services using Rating-Groups: Rating-Group preconfigured in the Service Access Device. Define the rating (complex rating) and the Services that are associated with that Rating-Group. Pools –Associate quotas assigned to Services or Rating- Groups to Pools. –Minimize message. –Help when services are not drawing on quotas equally.

8. Multi-Service Example A: A user is Authenticated and Authorized as prepaid and assigned quota to the “Access Service” of 2MB. B: NAS wants to Authz another Service (eg VoIP). Sends an Access-Request (AuthOnly) with PPAQ specifying SID =Service-A. Session-Id needed to tie this Authorize-Only to previous AuthN/AuthZ. C: PPS replies with Access-Accept with a PPAQ for Service-A containing Volume of 1 MB. D: “Access Service” and Service-A request more quota. Report what they used. Update-Reason Quota-Refresh E: PPS authorize more quota to both. Access Service (+2MB) has 4 MB,Service-A (+1MB) 2MB F: User logs off. Report used quota. “Access- Service” 3MB, Service-A 1.5 MB. We know that it’s the end because the PPAQ indicates the cause for reporting Update- Reason User-Termination. NAS/PPC PPS AuthN/AuthZ “Access Service” Session-Id, [PPAQ SID=Service-A] A B C [PPAQ QID Service-A, I MB] Access-Request Authz Only Access-Accept Authz Only D E F Access-Request Authz Only [ PPAQ QID 2 MB] [ PPAQ QID Service-A, I MB] Access-Accept Authz Only [ PPAQ QID 4 MB] [ PPAQ QID Service-A, 2 MB] Access-Request Authz Only [ PPAQ QID 3 MB] [ PPAQ QID Service-A, I.5 MB] Access-Accept Authz Only

9. What is next Add support for single event. –Scenarios: Single Event Prepaid Authorization with Authentication. Single Even Prepaid Authorization only – user has already been authenticated. Mapping to Diameter