Re: [Dime] Question on Auth-Application-Id AVP in Diameter answermessages

["Gowda, Avinash" <agowda@starentnetworks.com>]

Hi Ankit,

 


As per RFC 3588 Bis15


 


6.8.  Auth-Application-Id AVP

   The Auth-Application-Id AVP (AVP Code 258) is of type Unsigned32 and
   is used in order to advertise support of the Authentication and
   Authorization portion of an application (see Section 2.4
<http://tools.ietf.org/html/draft-ietf-dime-rfc3588bis-12#section-2.4>
).  If
   present in a message other than CER and CEA, the value of the Auth-
   Application-Id AVP MUST match the Application Id present in the
   Diameter message header.

When the same Application-Id is present in Diameter Header then what is
the necessity of having duplicate data in this Auth-Application-Id AVP?

Thanks,

Avinash Gowda

________________________________

From: Ankit Kumar Sharma [mailto:ankit.sharma@aricent.com] 
Sent: Thursday, February 26, 2009 4:48 PM
To: Gowda, Avinash; dime@ietf.org
Subject: RE: [Dime] Question on Auth-Application-Id AVP in Diameter
answermessages

 

Please see my comments inline...

________________________________

From: dime-bounces@ietf.org [mailto:dime-bounces@ietf.org] On Behalf Of
Gowda, Avinash
Sent: Thursday, February 26, 2009 12:24 PM
To: dime@ietf.org
Subject: [Dime] Question on Auth-Application-Id AVP in Diameter
answermessages

 

Hi All,

 

I have question on mandating Auth-Application-Id AVP in answer messages.

 

In 3GPP TS 29.273 V8.0.0 Section 5.2.2.3.4

---------------------------------------------

< AA-Answer > ::= < Diameter Header: 268, PXY, 16777250 >

< Session-Id >

{ Auth-Application-Id }

{ Auth-Request-Type }

{ Result-Code }

[ Experimental-Result ]

{ Origin-Host }

{ Origin-Realm }

[ Session-Timeout ]

[ Accounting-Interim-Interval ]

*[ APN-Configuration ]

...

*[ AVP ]

 

According to this spec, Auth-Application-Id is a mandatory AVP in
AA-Answer message.

 

I have following questions:

 

*	Is it necessary to have Auth-Application-Id AVP as a mandatory
AVP in answer message? 

       <Yes, because specs are mandating it>

 

*	Is there any specific use by mandating it? Can't we have it as
an optional AVP ([Auth-Application-Id])? 

       <I could think of a scenario where we have more than one User
Diameter applications in a single process on our local node, and each
one is capable of sending AAR command for ex. we have NASREQ and Tx . In
this case, Auth-Application-Id could be used to route the incoming AAA
from peer to correct local application module. In this example, user
wants to be authenticated on two different interfaces and
Auth-Application-Id is used to distinguish the answers of both requests>

 

Please help me to understand this.


 


Thanks,

Avinash Gowda

 

Regards,

Ankit

 

 

________________________________

"DISCLAIMER: This message is proprietary to Aricent and is intended
solely for the use of the individual to whom it is addressed. It may
contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended.
If you have received this message in error,please notify the originator
immediately. If you are not the intended recipient, you are notified
that you are strictly prohibited from using, copying, altering, or
disclosing the contents of this message. Aricent accepts no
responsibility for loss or damage arising from the use of the
information transmitted by this email including damage from virus."