[Dime] Auth-Session-State (WGLC comments of draft-ietf-dime-nat-control-03)
"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Mon, 06 September 2010 13:02 UTC
Return-Path: <fbrockne@cisco.com>
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2419F3A68E3 for <dime@core3.amsl.com>; Mon, 6 Sep 2010 06:02:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afSEf9CImAQj for <dime@core3.amsl.com>; Mon, 6 Sep 2010 06:02:56 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id C96C73A67FF for <dime@ietf.org>; Mon, 6 Sep 2010 06:02:55 -0700 (PDT)
Authentication-Results: rtp-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAJ6DhExAZnwN/2dsb2JhbAChEnGgXJpahT0EjRY
X-IronPort-AV: E=Sophos;i="4.56,325,1280707200"; d="scan'208";a="155925566"
Received: from rtp-core-2.cisco.com ([64.102.124.13]) by rtp-iport-1.cisco.com with ESMTP; 06 Sep 2010 13:03:22 +0000
Received: from xbh-ams-201.cisco.com (xbh-ams-201.cisco.com [144.254.75.7]) by rtp-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id o86D32Fk022551; Mon, 6 Sep 2010 13:03:22 GMT
Received: from xmb-ams-106.cisco.com ([144.254.74.81]) by xbh-ams-201.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 6 Sep 2010 15:03:20 +0200
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 06 Sep 2010 15:03:17 +0200
Message-ID: <0D212BD466921646B58854FB79092CEC02E37772@XMB-AMS-106.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Auth-Session-State (WGLC comments of draft-ietf-dime-nat-control-03)
Thread-Index: ActNu/pxvnYmMNYPSbC5XYUBYnRy9QAApxKQ
From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: jouni korhonen <jouni.nospam@gmail.com>
X-OriginalArrivalTime: 06 Sep 2010 13:03:20.0049 (UTC) FILETIME=[E1165610:01CB4DC3]
Cc: dime@ietf.org
Subject: [Dime] Auth-Session-State (WGLC comments of draft-ietf-dime-nat-control-03)
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Sep 2010 13:02:57 -0000
Hi Jouni, Thanks for your detailed review of draft-ietf-dime-nat-control-03. Wrt/ your comment on the use of " Auth-Session-State AVP", I agree that the use of this AVP is redundant and not really useful, because I'll have the default value in all cases, given that in DNCA both manager and agent are stateful. In order to avoid confusion, I'd follow your implicit suggestion to remove the AVP - and - more importantly add additional details on how state is maintained. Simply referring back to RFC 3588 for a description of state machines unfortunately does not work here. Per our earlier discussions in the working group, the nomenclature of "server" and "client" does not really apply to the DNCA use case, hence the use of "manager" and "agent" for the two involved Diameter entities. My suggestion would be that we add another section which show state machines at agent and manager in detail (obviously reusing the format in RFC 3588). Would that be an agreeable way forward? Thanks & regards, Frank > Ticket #9: http://trac.tools.ietf.org/wg/dime/trac/ticket/9 > > During the WGLC review of draft-ietf-dime-nat-control-03 I started to > think about the Auth-Session-State AVP and the associated semantics. > The draft should state, even if it seems obvious, whether the state is > maintained or not. And whether it applies to all possible messages > exchanges. Can Auth-Session-State be on NCA or in NCR during > QUERY_REQUEST? > > How well the DNCA "view" of the session state goes along with RFC3588 > authz session state machine?
- [Dime] Auth-Session-State (WGLC comments of draft… Frank Brockners (fbrockne)
- Re: [Dime] Auth-Session-State (WGLC comments of d… jouni korhonen
- Re: [Dime] Auth-Session-State (WGLC comments ofdr… Shwetha Bhandari (shwethab)
- Re: [Dime] Auth-Session-State (WGLC comments ofdr… jouni korhonen