Re: [Captive-portals] Remediation url for CAPPORT

Tommy Pauly <tpauly@apple.com> Tue, 14 January 2020 20:38 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF7BF120110 for <captive-portals@ietfa.amsl.com>; Tue, 14 Jan 2020 12:38:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mZ3RfwFlChl2 for <captive-portals@ietfa.amsl.com>; Tue, 14 Jan 2020 12:38:50 -0800 (PST)
Received: from nwk-aaemail-lapp03.apple.com (nwk-aaemail-lapp03.apple.com [17.151.62.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEDCF12010C for <Captive-portals@ietf.org>; Tue, 14 Jan 2020 12:38:50 -0800 (PST)
Received: from pps.filterd (nwk-aaemail-lapp03.apple.com [127.0.0.1]) by nwk-aaemail-lapp03.apple.com (8.16.0.27/8.16.0.27) with SMTP id 00EKar2F028736; Tue, 14 Jan 2020 12:38:46 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=sender : from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=GJf2nJQiFpJM8j5JRw5h9/Dv1/Pd0RIW2VUbMR6ETEM=; b=OfozthrPV+BqWtkR3YGH0eR10+XfHPh6VlI0xEqz1ibR7/k8tHmk3eDywwV4Gd+vfKWa DBmWwH+XMHKq2pYucaZbEs5tI1uXJWVCchI9HuohwFR3HNZbAFkBNzNoNUQOPtK2ReHn ERfCqzAQY4ItvRYAgAHhlH37mImIt85jkxb3MZFN9ToS3QxSpf6o8tqpc3aprlXYcHq3 aNq1vdbIYJ3B2QwquKzNC7rH/3Ewyii2JUPDggkm4FWhY2W3IS7bB/LfMvvuunKgyBaT sehkko9YYi3VIEwO9URw1g1JP2qAiqre8Hy6jmzRd96iKelqITmSxlapi0emlu3iZAV6 sA==
Received: from ma1-mtap-s01.corp.apple.com (ma1-mtap-s01.corp.apple.com [17.40.76.5]) by nwk-aaemail-lapp03.apple.com with ESMTP id 2xfyfpgana-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 14 Jan 2020 12:38:46 -0800
Received: from nwk-mmpp-sz09.apple.com (nwk-mmpp-sz09.apple.com [17.128.115.80]) by ma1-mtap-s01.corp.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPS id <0Q4400AZ46OKEN30@ma1-mtap-s01.corp.apple.com>; Tue, 14 Jan 2020 12:38:45 -0800 (PST)
Received: from process_milters-daemon.nwk-mmpp-sz09.apple.com by nwk-mmpp-sz09.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) id <0Q4400F006I9ND00@nwk-mmpp-sz09.apple.com>; Tue, 14 Jan 2020 12:38:45 -0800 (PST)
X-Va-A:
X-Va-T-CD: 96a7f8949c2db5920d636a06d4c097f9
X-Va-E-CD: c8bcc3b38ffaa402db9f454ecb937c3b
X-Va-R-CD: b796d79ffa039dc8707314280a8bcb24
X-Va-CD: 0
X-Va-ID: 086cce4c-9705-4834-b95b-264cead58a59
X-V-A:
X-V-T-CD: 96a7f8949c2db5920d636a06d4c097f9
X-V-E-CD: c8bcc3b38ffaa402db9f454ecb937c3b
X-V-R-CD: b796d79ffa039dc8707314280a8bcb24
X-V-CD: 0
X-V-ID: 0bd7dcce-23e5-4179-a5e6-43b1b3cf1e62
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2020-01-14_06:,, signatures=0
Received: from [17.234.71.35] by nwk-mmpp-sz09.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPSA id <0Q44001NT6OH6O60@nwk-mmpp-sz09.apple.com>; Tue, 14 Jan 2020 12:38:42 -0800 (PST)
Sender: tpauly@apple.com
From: Tommy Pauly <tpauly@apple.com>
Message-id: <DBEFCCF8-0677-490F-A305-14C880B3DC7A@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_EB5AB896-0534-436B-B06D-01B582A21D7B"
MIME-version: 1.0 (Mac OS X Mail 13.0 \(3594.4.17\))
Date: Tue, 14 Jan 2020 12:38:39 -0800
In-reply-to: <CAKxhTx9g3WrKM=BP2fifv08CVcMrZvhuvnZjapb3ugN=WX1fhg@mail.gmail.com>
Cc: Erik Kline <ek@loon.com>, Heng Liu <liucougar@google.com>, Erik Kline <ek.ietf@gmail.com>, captive-portals <Captive-portals@ietf.org>
To: Remi NGUYEN VAN <reminv=40google.com@dmarc.ietf.org>
References: <CAKMty=Ks0j6dxPvsDHTpWBCrujihCe7Yzsb4zaV5SkRfh8fx9Q@mail.gmail.com> <CAKxhTx_uaZVFs4VhM+nro61XxTjPtwZ+pZ_gsJtNQXiNHtf2vQ@mail.gmail.com> <CAMGpriX1ct9y53HZ2FtbK00TfVm3uNRFMwYQW0Wb_18XoXjFJw@mail.gmail.com> <CAKMty=KhYr4XfJWzXeBiod1oiyG-qVp7-ANKJaZF1-_nPZhrTw@mail.gmail.com> <CAAedzxocTUhQ-z+_Cpz8PhG=o3CR4aZHOGddngiEjZ1HZChP1A@mail.gmail.com> <D00FBAF2-3825-4435-8426-10C300E491F2@apple.com> <CAKxhTx9g3WrKM=BP2fifv08CVcMrZvhuvnZjapb3ugN=WX1fhg@mail.gmail.com>
X-Mailer: Apple Mail (2.3594.4.17)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2020-01-14_06:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/k0XMMtlzHqbYv0-8caWQ63_Oi9w>
Subject: Re: [Captive-portals] Remediation url for CAPPORT
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jan 2020 20:38:53 -0000

Any captive portal that is newly adopting the CAPPORT API will hopefully be testing the setup in the new model, and will have to think about which URLs to map to different user experiences.

A page that only says "you're logged in!", and has no way of adding more time, etc, is in my opinion a relatively useless page. If we provide a separate URL for remediation, it would seem to encourage such a design. Not including this would hopefully urge the portal design to a cleaner model.

I do think the boolean is nice for highlighting to the captive portal deployer that they should think about remediation. I'd be more ok with that model, although it could also be an extension as we gain experience in deployment.

Thanks,
Tommy

> On Jan 13, 2020, at 6:00 PM, Remi NGUYEN VAN <reminv=40google.com@dmarc.ietf.org> wrote:
> 
> If we show prompts to the user shortly before the session expires, we'd like to make sure that we can redirect them to some page where they can fix the problem, instead of landing on a page saying "you're logged in". The user-portal-url would work fine with a remediation-supported boolean for that purpose; having a separate URL gives additional flexibility to the access point operator, but from the point of view of the client I think both are fine.
> 
> Cheers,
> 
> Remi
> 
> 
> On Tue, Jan 14, 2020 at 10:02 AM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org <mailto:40apple.com@dmarc.ietf.org>> wrote:
> I have a similar initial reaction to Erik's. Adding another URL that effectively is just another user portal, but meant to be used at certain times, adds a lot of complexity. I'm certainly not ruling out adding such a key as need arises, but I'd hesitate to make it part of the initial set.
> 
> Particularly, if we start seeing the "venue URL" be the main landing page we redirect people to once they're logged it, it kind of makes sense to let the user portal be the status/remediation/payment page.
> 
> Tommy
> 
>> On Jan 13, 2020, at 4:06 PM, Erik Kline <ek@loon.com <mailto:ek@loon.com>> wrote:
>> 
>> 
>> 
>> On Mon, 13 Jan 2020 at 15:26, Heng Liu <liucougar=40google.com@dmarc.ietf.org <mailto:40google.com@dmarc.ietf.org>> wrote:
>> On Sun, Jan 12, 2020 at 2:34 PM Erik Kline <ek.ietf@gmail.com <mailto:ek.ietf@gmail.com>> wrote:
>> Why should this different from the user-portal-url?  It seems to me that either the user-portal-url would remediation UI elements or it wouldn't.
>> Some CP vendors want to specify a different URL specifically tailored for remediation of a session. By providing a 3rd URL, we can accommodate this use case.
>> 
>> If the remediation URL is available but the user (somehow) navigates to the user-portal-url, what do they see?
>> 
>>  
>> With this 3rd URL, if the bytes/time does expire should the OS try to launch an interaction the remediation URL and then fallback to the user URL if it failed to load?  In which case, why not just leave all interaction with the user-portal-url?
>> if a remediation URL is present, and if it fails to load for whatever reason, no need to fallback to user portal URL: CP vendor should make sure the remediation URL is working properly (this is similar to user-portal url should work properly, if not, there is no other way for user to clear a CP)
>> 
>> I guess I'm just trying to be mindful of one person's flexibility is another person's complexity.  I think this just doubles the number of URLs that the CP vendor needs to make sure function correctly.
>> 
>> If the vendor doesn't implement a means to extend your session without completely shutting everything down and forcing to the user to restart the interaction flow anew, I could see that an OS would not want to bother the user with an interaction where they couldn't actually do anything useful.  But that might suggest a boolean capability, rather than a new URL (remediation-supported={true|false})?
>> A boolean field could also be a positive signal to notify UE that remediation is possible, but this would prevent CP vendors from using different URLs for remediation.
>> 
>> (As mentioned in the initial thread, this URL approach is also taken by the Passpoint release 2.0 spec to signal remediation process.)
>> 
>> regards,
>> Heng
>> _______________________________________________
>> Captive-portals mailing list
>> Captive-portals@ietf.org <mailto:Captive-portals@ietf.org>
>> https://www.ietf.org/mailman/listinfo/captive-portals <https://www.ietf.org/mailman/listinfo/captive-portals>
>> _______________________________________________
>> Captive-portals mailing list
>> Captive-portals@ietf.org <mailto:Captive-portals@ietf.org>
>> https://www.ietf.org/mailman/listinfo/captive-portals <https://www.ietf.org/mailman/listinfo/captive-portals>