Re: [Captive-portals] Questions about PvD/API

Erik Kline <ek@google.com> Wed, 16 August 2017 00:19 UTC

From: Erik Kline <ek@google.com>
Date: Tue, 15 Aug 2017 17:19:12 -0700
Message-ID: <CAAedzxq4UhueFW=U-Tuc1gvG8Tapc7VE7BM2Akt9OXuzN3jLyQ@mail.gmail.com>
To: David Bird <dbird@google.com>, Tommy Pauly <tpauly@apple.com>
Cc: captive-portals@ietf.org, "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/KdRLuBe4RKGWBaKkIxXHTQ9lPnM>

Randomly selecting Tommy and Eric so this bubbles up in their inbox.

On 2 August 2017 at 10:36, David Bird <dbird@google.com> wrote:
> Could an author of PvD help me understand the following questions for each
> of the diagrams below I found on the Internet -- which represent some
> typical hotspot configurations out there...
>
> - Where would the API reside?
>
> - Who 'owns' the API?
>
> - How does the API keep in-sync with the NAS? Who's responsible for that
> (possibly multi-vendor, multi-AAA) integration?
>
> 1) Typical Hotspot service company outsourcing:
> http://cloudessa.com/wp-content/uploads/2013/08/shema-CaptivePortalSolution_beta2b.png
>
> 2) Same as above, except venue owns portal:
> http://cloudessa.com/wp-content/uploads/2013/07/solutions_hotspots-co-working-cloudessa_2p1.png
>
> 3) Now consider the above, but the venue has more roaming partners and
> multi-realm RADIUS setup in their Cisco NAS:
> http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_0100111.html
> describes many options -- including separate MAC authentication sources,
> optional portals for 802.1x (RADIUS) authenticated users, and so much
> more...
>
> "Cisco ISE supports internal and external identity sources. Both sources can
> be used as an authentication source for sponsor-user and guest-user
> authentication."
>
> Also note this interesting article:  the section Information About Captive
> Bypassing and how it describes how to avoid Apple captive portal
> detection!!! "If no response is received, then the Internet access is
> assumed to be blocked by the captive portal and Apple’s Captive Network
> Assistant (CNA) auto-launches the pseudo-browser to request portal login in
> a controlled window. The CNA may break when redirecting to an ISE captive
> portal. The controller prevents this pseudo-browser from popping up."