
1 IETF-63 Bridgewater/Samsung
PANA RADIUS
draft-ietf-pana-aaa-interworking-00.txt
Avi Lior, Bridgewater Systems, avi@bridgewatersystems.com
Alper Yegin, Samsung, alper.yegin@samsung.com

2 Introduction
PANA AAA
– Mapping of PANA messages & AVPs to AAA messages & Attributes
– Relies on the following RFCs/Drafts:
    draft-ietf-pana-pana-0x
    RFC3579, “RADIUS Support For EAP”
    draft-ietf-aaa-eap-10: Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", November 2004.
    RFC3576, “Dynamic Authorization Ext. for RADIUS”
    Various RADIUS RFCs: 2865, 2866, 2869
    RFC 3588

3 Architecture

              +------------------------------+
    +-----+   |  +-----+  +---------------+  |     +---------------+
    |     |   |  |     |  |               |  |     |               |
    | PaC +---+--+ PAA +--+  AAA client   |--+-----+  AAA server   |
    |     |   |  |     |  |               |  |     |               |
    +-----+   |  +-----+  +---------------+  |     +---------------+
              |  Network Access Server(NAS)  |
              +------------------------------+

Simplifications:
– No AAA Proxy Chains
– EAP Authentication Server is collocated with AAA server
– NAS consists of: PAA, AAA client; and PEP.
– Possible AAA interactions:
    AAA server can be Diameter or RADIUS.
    AAA client can be Diameter or RADIUS.
    In a single PANA session, with multiple-authentications you can have both Diameter and RADIUS interactions

4 What was decided at IETF 62
– Accept as a working group document
– Standard as opposed to Informational
– Add support for Diameter

5 Issues Raised
Multiple authentications, what if one fails?
– Issue with RADIUS: “what happens when we get an Access-Reject?”
    Do you tear down the session?; or
    Is this a rejection of what was being authenticated?
    Seems we are leaning towards: Access-Reject is for the requested service. See draft-aboba-radext-fixes-00
    For example: Even if NAP authentication has failed, network access can be granted when ISP authentication succeeds (but NAP does not provide any differentiated service to the unauthenticated client).

6 Integration of Diameter
– Diameter EAP was used.
– For call flows, created an abstraction to allow us to describe the flows once (for both RADIUS and Diameter)
– We have separate descriptions, one for RADIUS and one for Diameter, for messages and attributes
– There are few differences.
– Needs cleanup.

7 PANA Single Authentication

       PaC                    NAS                  RADIUS Server
    a)  |                      |                        |
        |PANA-Auth-Request(x)  |                        |
    b)  |<---------------------|                        |
        |PANA-Auth-Answer(x)   |                        |
    c)  |--------------------->|                        |
        |                      |  AAA-Request           |
    d)  |                      |----------------------->|
        |                      |  AAA-Challenge         |
    e)  |                      |<-----------------------|
        |PANA-Auth-Request(x+1)|                        |
    f)  |<---------------------|........................|
        |PANA-Auth-Answer(x+1) |                        |
    g)  |--------------------->|........................|
        |                      |  AAA-Request           |
    h)  |                      |----------------------->|
        |                      |  AAA-Accept            |
    i)  |                      |<-----------------------|
        |PANA-Bind-Request     |                        |
    j)  |<---------------------|                        |
        |PANA-Bind-Answer      |                        |
    k)  |--------------------->|                        |
        |                      |  AAA-Accounting(Start) |
    l)  |                      |----------------------->|
        |                      |                        |
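The two readings of Access-Reject raised on slide 5, replayed over the abstract flow names of slides 6 and 7 with one RADIUS and one Diameter authentication in the same session. This is an added Python example, not part of the presentation or the draft; the function names, the `AAA-Reject` label, the Result-Code values chosen for the Diameter leg and the sample exchanges are assumptions made for the illustration.

```python
# Added illustration; every function/table name here is hypothetical, not from the draft.
# RADIUS names follow RFC 2865/3579. Diameter EAP carries each step in
# Diameter-EAP-Request/Diameter-EAP-Answer and signals the outcome in Result-Code.
RADIUS = {"Access-Request": "AAA-Request", "Access-Challenge": "AAA-Challenge",
          "Access-Accept": "AAA-Accept", "Access-Reject": "AAA-Reject"}  # AAA-Reject: assumed label
DIAMETER_RESULT = {1001: "AAA-Challenge",   # DIAMETER_MULTI_ROUND_AUTH
                   2001: "AAA-Accept",      # DIAMETER_SUCCESS
                   4001: "AAA-Reject"}      # DIAMETER_AUTHENTICATION_REJECTED

def abstract(protocol, message, result_code=None):
    """Map one concrete AAA message to the abstract name used in the call flow."""
    if protocol == "radius":
        return RADIUS[message]
    if message == "Diameter-EAP-Request":
        return "AAA-Request"
    return DIAMETER_RESULT[result_code]     # Diameter-EAP-Answer

def run_authentication(protocol, exchange):
    """Replay the AAA leg of one authentication; return 'accept' or 'reject'."""
    awaiting_reply = False
    for message, code in exchange:
        step = abstract(protocol, message, code)
        if (step == "AAA-Request") == awaiting_reply:   # two requests, or unsolicited reply
            raise ValueError(f"out-of-order message: {message}")
        awaiting_reply = step == "AAA-Request"
        if step in ("AAA-Accept", "AAA-Reject"):
            return "accept" if step == "AAA-Accept" else "reject"
    raise ValueError("exchange ended without a final answer")

def decide(results, reject_scope):
    """results: {'NAP': ..., 'ISP': ...} -> (network_access, nap_differentiated_service)."""
    if reject_scope == "session":           # reading 1: any reject tears the session down
        ok = all(r == "accept" for r in results.values())
        return ok, ok
    # Reading 2 (where the slide leans): a reject covers only the requested service.
    # Assumption: access still depends on the ISP authentication, as in the slide's example.
    access = results["ISP"] == "accept"
    return access, access and results["NAP"] == "accept"

# Constructed sample: NAP authentication over RADIUS fails, ISP over Diameter succeeds.
NAP = [("Access-Request", None), ("Access-Challenge", None),
       ("Access-Request", None), ("Access-Reject", None)]
ISP = [("Diameter-EAP-Request", None), ("Diameter-EAP-Answer", 1001),
       ("Diameter-EAP-Request", None), ("Diameter-EAP-Answer", 2001)]
RESULTS = {"NAP": run_authentication("radius", NAP),
           "ISP": run_authentication("diameter", ISP)}
```

With the same inputs, `decide(RESULTS, "session")` denies access while `decide(RESULTS, "service")` grants access without the NAP's differentiated service.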

8 What Is Next?
– Align with latest PANA
– New capabilities: should we try to synch up?
– Review – focus on technical issues as opposed to editorial.

9 THANK YOU

