[Captive-portals] Questions about PvD/API

David Bird <dbird@google.com> Wed, 02 August 2017 17:36 UTC

Could an author of PvD help me understand the following questions for each
of the diagrams below I found on the Internet -- which represent some
typical hotspot configurations out there...

- Where would the API reside?

- Who 'owns' the API?

- How does the API keep in-sync with the NAS? Who's responsible for that
(possibly multi-vendor, multi-AAA) integration?

1) Typical Hotspot service company outsourcing:
http://cloudessa.com/wp-content/uploads/2013/08/shema-CaptivePortalSolution_beta2b.png

2) Same as above, except venue owns portal:
http://cloudessa.com/wp-content/uploads/2013/07/solutions_hotspots-co-working-cloudessa_2p1.png


3) Now consider the above, but the venue has more roaming partners and
multi-realm RADIUS setup in their *Cisco* NAS:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_0100111.html
describes many options -- including separate MAC authentication sources,
optional portals for 802.1x (RADIUS) authenticated users, and so much
more...

*"Cisco ISE supports internal and external identity sources. Both sources
can be used as an authentication source for sponsor-user and guest-user
authentication."*

Also note this interesting article: the section *Information About Captive
Bypassing* and how it describes how to avoid Apple captive portal
detection!!! *"If no response is received, then the Internet access is
assumed to be blocked by the captive portal and Apple's Captive Network
Assistant (CNA) auto-launches the pseudo-browser to request portal login in
a controlled window. The CNA may break when redirecting to an ISE captive
portal. The controller prevents this pseudo-browser from popping up."*