IETF Logo Mail Archive

Re: [core] concerns re draft-oflynn-core-bootstrapping-02

Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Thu, 28 October 2010 23:18 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: core@core3.amsl.com
Delivered-To: core@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7B3713A680E for <core@core3.amsl.com>; Thu, 28 Oct 2010 16:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.089
X-Spam-Level:
X-Spam-Status: No, score=-4.089 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3KihlU0cCqnm for <core@core3.amsl.com>; Thu, 28 Oct 2010 16:18:26 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) by core3.amsl.com (Postfix) with ESMTP id 173CC3A6801 for <core@ietf.org>; Thu, 28 Oct 2010 16:18:25 -0700 (PDT)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by imx2.toshiba.co.jp with ESMTP id o9SNKI2o014591 for <core@ietf.org>; Fri, 29 Oct 2010 08:20:18 +0900 (JST)
Received: (from root@localhost) by arc1.toshiba.co.jp id o9SNKISK023256 for core@ietf.org; Fri, 29 Oct 2010 08:20:18 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id JAA23255; Fri, 29 Oct 2010 08:20:17 +0900
Received: from mx2.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id o9SNKH6l017745 for <core@ietf.org>; Fri, 29 Oct 2010 08:20:17 +0900 (JST)
Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id o9SNKHnO014866; Fri, 29 Oct 2010 08:20:17 +0900 (JST)
Received: from [133.199.17.172] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0LB000CGBWTRII80@mail.po.toshiba.co.jp> for core@ietf.org; Fri, 29 Oct 2010 08:20:17 +0900 (JST)
Date: Fri, 29 Oct 2010 08:20:14 +0900
From: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-reply-to: <D266D724-C345-4980-A685-5742F76C60D3@tzi.org>
To: core@ietf.org
Message-id: <4CCA052E.2010909@toshiba.co.jp>
MIME-version: 1.0
Content-type: text/plain; charset="ISO-2022-JP"
Content-transfer-encoding: 7bit
References: <BE21691E-1C60-4E2C-B7A8-81782F46E923@tzi.org> <E96BC2D7-3C56-4859-94B3-8B1AF1990C77@tzi.org> <935DB371-B149-486A-8AD2-3B4454C9B172@tzi.org> <4CA3BB54.8050706@gmail.com> <AANLkTimFX2BuD=UT3t4XV8XvD+ZRhgj57wDzRc2sFKOc@mail.gmail.com> <4CA5E8E0.4030503@gmail.com> <AANLkTi=0yEc6Fgi2-eahb8JtRZBxC9PWD=aEwQjh3F6R@mail.gmail.com> <4CA6095F.6040403@gmail.com> <B0F8E486-051F-4C5D-A05F-BDB3701404C5@cs.rwth-aachen.de> <4CB48B9B.9010206@gmail.com> <4CC83F61.5060109@gmail.com> <023a01cb76e1$869bfcc0$93d3f640$%yegin@yegin.org> <D266D724-C345-4980-A685-5742F76C60D3@tzi.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.11) Gecko/20101013 Thunderbird/3.1.5
Subject: Re: [core] concerns re draft-oflynn-core-bootstrapping-02
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/core>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Oct 2010 23:18:27 -0000

OK, then let me use the term "RADIUS server" to explain.

Any EAP transport protocol such as IEEE 802.1X and PANA works with
multiple AAA domains in which a single access network may interface to
multiple RADIUS servers where each RADIUS server serves for a distinct
AAA domain.  With EAP, RADIUS routing is based on the EAP peer
identity such as "foo@domainA.com" and "bar@domainB.com" in a way that
authentication messages for EAP peer "foo@domainA.com"are routed to
"domainA.com" RADIUS server and authentication messages for EAP peer
"bar@domainB.com" are routed to "domainB.com" RADIUS server.  The EAP
peer identity is extracted from the initial EAP exchange by an EAP
pass-through authenticator that is co-located with a RADIUS client at
the border of the access network.  In a large scale RADIUS deployment,
there may be RADIUS proxies between a RADIUS client and a RADIUS
server to simplify the AAA routing task for RADIUS clients.  In PANA,
PAA (PANA Authentication Agent) is the EAP pass-through authenticator,
and PaC (PANA Client) is the EAP peer.

Hope this helps,
Yoshihiro Ohba

(2010/10/29 6:21), Carsten Bormann wrote:
> On Oct 28, 2010, at 22:48, Alper Yegin wrote:
> 
>> mothership
> 
> I think other terms are "mother-may-I", "trust center", "RADIUS server", or "Policy Decision Point".  Just guessing, though.
> I think the use case of interest here is a single constrained network that simultaneously serves multiple trust domains, so being authorized by any one of them should give you access.
> 
> With that potential explanation, can you elucidate whether (and maybe how) PANA would work in this scenario?
> 
> Gruesse, Carsten
> 
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core
>

v2.23.0 | Report a Bug | By Email