AW: [Mip6] mip6-aaa frameworks

Tschofenig Hannes <hannes.tschofenig@siemens.com> Tue, 15 February 2005 12:37 UTC

Message-ID: <D2E490BD3F24C24598C4605E40024D150A7914@mchp9gma.mch.sbs.de>
From: Tschofenig Hannes <hannes.tschofenig@siemens.com>
To: 'Alper Yegin' <alper.yegin@samsung.com>, mip6@ietf.org
Subject: AW: [Mip6] mip6-aaa frameworks
Date: Tue, 15 Feb 2005 13:28:42 +0100

hi alper, 

thanks for your classification attempt. 

in
http://www.tschofenig.com/drafts/draft-tschofenig-enroll-bootstrapping-saml-00.txt
we also tried to create a classification. you might want to take a
look at section 3. please take a look at this figure:

    +---------------+                      +---------------+
    |               |        (A)           |               |
    | Bootstrapping |<-------------------> | Bootstrapping |
    | Client (BC)   |     Protocol or      | Agent (BA)    |
    |               |     API              |               |
    +---------------+                      +---------------+
                                                  ^
                                                  |
                                      Protocol or |(B)
                                      API         |
                                                  v
                                           +---------------+
                                           |               |
                                           | Bootstrapping |
                                           | Target (BT)   |
                                           |               |
                                           +---------------+

we think that there are three categories to consider:

   o  Which protocol is used between the BC and the BA?

   o  Which protocol is used between the BA and the BT?

   o  What information is bootstrapped?

we have also tried to classify a few proposals (as listed in the draft)
according to these questions. 
to us it seems that the most important question is which protocol is used
between BC and BA (some proposals even use two protocols).

since a number of proposals have been published that want to bootstrap
something we think that a proposal that is a bit more generic would be quite
helpful here. in
http://www.ietf.org/internet-drafts/draft-tschofenig-enroll-next-steps-00.txt
we argue that this might be a job for enroll to look at.

finally, the protocol used for communication between the BA and the BT is in
many cases interchangeable. 

ciao
hannes


> -----Original Message-----
> From: Alper Yegin [mailto:alper.yegin@samsung.com]
> Sent: Tuesday, 15 February 2005 07:44
> To: mip6@ietf.org
> Subject: [Mip6] mip6-aaa frameworks
> 
> 
> 
> This is an attempt to enumerate possible MIP6-AAA frameworks, and start
> discussions on for which one(s) IETF shall pursue standardization.
> 
> Framework 1:
> ------------
> Using network access AAA to deliver MIP6 configuration parameters from
> the AAA server to the MN. 
> 
> MIP6 configuration is directly delivered from the AAA server to the MN
> during network access AAA, in-band with the authentication (e.g.,
> transported by EAP or EAP methods).
> 
> Related I-Ds:
> 
> draft-giaretta-mip6-authorization-eap-01
> draft-le-aaa-mipv6-requirements-03
> draft-ohnishi-mip6-aaa-problem-statement-00
> 
> Discussion:
> 
> The end2end transport between the AAA and the MN is the key. Use of EAP
> for this somewhat network access unrelated "configuration" is not
> recommended as far as I understand. One can design his own EAP method to
> do that, yet that would have limited applicability.
> 
> 
> Framework 2:
> ------------
> Using network access AAA to deliver MIP6 configuration parameters from
> the AAA server to the NAS. It is assumed that parameters will be
> delivered from the NAS to the MN via another protocol (e.g., DHCP, PANA,
> etc.)
> 
> Related I-Ds:
> 
> draft-chowdhury-mip6-bootstrap-radius-00
> draft-jang-dhc-haopt-00
> 
> Discussion:
> 
> This is similar to NAS learning the IP address for the connected host
> via RADIUS, and delivering it to the host via DHCP.
> 
> James had a comment regarding not having to support intra-operator
> interoperability. I think regardless of the deployment, interoperability
> between vendors is the important thing. Also, I was not sure on the
> complexity argument.
> 
> 3GPP2 has already chosen this scheme. Some other SDO(s) may follow
> suit.
> 
> Framework 3:
> ------------
> Piggybacking MIP6 signaling (BU) with network access AAA. In-band with
> the network access authentication execution, the MN delivers
> (piggybacks) a BU to the AAA server. The AAA server may have to relay
> the BU to the HA (unless collocated).  
> 
> Related I-D:
> 
> draft-le-aaa-mipv6-requirements-03
> 
> Discussion:
> 
> While the performance benefits are clear, limited applicability (not
> always the network access and mobility services are bundled) and
> complexity are concerning.
> 
> 
> Framework 4:
> ------------
> A backend AAA protocol is executed between the HA and the AAA server in
> response to the MIP6 signaling between the MN and the HA. Similar to the
> use of AAA protocols with MIPv4 co-located care-of address case.
> 
> Related I-Ds:
> 
> draft-giaretta-mip6-aaa-ha-goals-00.txt
> draft-yegin-mip6-aaa-fwk-00.txt
> 
> Discussion:
> This one appears to be the most needed framework. It is assumed that MN
> already knows the HA address.
> 
> 
> Are there other frameworks to add?
> 
> I am sure I have missed some references, please let us know which ones.
> 
> Alper
> 
> 
> 
> 
> _______________________________________________
> Mip6 mailing list
> Mip6@ietf.org
> https://www1.ietf.org/mailman/listinfo/mip6
> 
