Re: [NSIS] I-D Action:draft-ietf-nsis-nslp-auth-00.txt

Xiaoming Fu <fu@cs.uni-goettingen.de> Wed, 17 February 2010 14:14 UTC

Return-Path: <fu@cs.uni-goettingen.de>
X-Original-To: nsis@core3.amsl.com
Delivered-To: nsis@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1FA5A3A7AEE for <nsis@core3.amsl.com>; Wed, 17 Feb 2010 06:14:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xyKBGpgAxVBX for <nsis@core3.amsl.com>; Wed, 17 Feb 2010 06:14:56 -0800 (PST)
Received: from amailer.gwdg.de (amailer.gwdg.de [134.76.10.18]) by core3.amsl.com (Postfix) with ESMTP id 514C33A7B11 for <nsis@ietf.org>; Wed, 17 Feb 2010 06:14:55 -0800 (PST)
Received: from s5.ifi.informatik.uni-goettingen.de ([134.76.81.25] helo=[172.23.0.1]) by mailer.gwdg.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <fu@cs.uni-goettingen.de>) id 1NhkhW-000189-38; Wed, 17 Feb 2010 15:16:26 +0100
Message-ID: <4B7BFA3A.60302@cs.uni-goettingen.de>
Date: Wed, 17 Feb 2010 15:16:26 +0100
From: Xiaoming Fu <fu@cs.uni-goettingen.de>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: nsis@ietf.org
References: <20100210151502.4D1C13A7720@core3.amsl.com> <4B73D2C2.9020803@tkk.fi> <001a01caafd6$131dc260$810c5982@dynamic.ewi.utwente.nl>
In-Reply-To: <001a01caafd6$131dc260$810c5982@dynamic.ewi.utwente.nl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated: Id:xfu
X-Virus-Scanned: (clean) by exiscan+sophie
Subject: Re: [NSIS] I-D Action:draft-ietf-nsis-nslp-auth-00.txt
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nsis>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Feb 2010 14:14:58 -0000

Hi

a few comments to this ID:
1. some text is QoS-NSLP specific:
s2: Network elements verify the request
    and then process the resource reservation message based on admission
    policy.
--> reservation, admission are meaningful in QoS context, not 
necessarily for FW/NAT or others.

s3.1: ... to verify the resource reservation request.
--> again, resource reservation

2. AUTH_SESSION, AUTH SESSION
--> AUTH_SESSION (only)

3. Furthermore, session ID, MRI,
    and NSLP ID have to be included into the checksum, too, as specified
    in Section 3.2.6.
--> where is checksum field/calculation defined here?

4. what if a targeted authorizing entity cannot support the requested 
AUTH_ENT_ID sub-types? s.6 does not talk about this. In multi-hop 
signaling cases (not just end host - last hop), this might happen.

Xiaoming

Georgios Karagiannis wrote:
> Dear all
> 
> I have read the draft-ietf-nsis-nslp-auth-00.txt and I think that it is in a
> good shape!
> 
> The only issue I have found with the document is that its intended status is
> "Standards Track", I think that is should be "Experimental".
> 
> I could not find any other issuess associated with this draft!
> 
> Best regards,
> Georgios
> 
> 
>> -----Original Message-----
>> From: nsis-bounces@ietf.org [mailto:nsis-bounces@ietf.org] On 
>> Behalf Of Jukka Manner
>> Sent: donderdag 11 februari 2010 10:50
>> To: nsis@ietf.org
>> Subject: Re: [NSIS] I-D Action:draft-ietf-nsis-nslp-auth-00.txt
>>
>> Dear all,
>>
>> As part of the IESG comments, we decided to advance the 
>> NSLP-layer authorization theme and write down a technical solution.
>>
>> Please look at the work and provide input on the document. We 
>> would like to advance this item because practical use of any 
>> NSLP actually requires authorization. GISt-layer inter-node 
>> schemes are not enough.
>>
>> Regards,
>> Jukka
>>
>> On 10.2.2010 17:15, Internet-Drafts@ietf.org wrote:
>>> A New Internet-Draft is available from the on-line 
>> Internet-Drafts directories.
>>> This draft is a work item of the Next Steps in Signaling 
>> Working Group of the IETF.
>>>
>>> 	Title           : Authorization for NSIS Signaling 
>> Layer Protocols
>>> 	Author(s)       : J. Manner, et al.
>>> 	Filename        : draft-ietf-nsis-nslp-auth-00.txt
>>> 	Pages           : 36
>>> 	Date            : 2010-02-09
>>>
>>> Signaling layer protocols specified within the NSIS 
>> framework may rely 
>>> on the GIST (General Internet Signaling Transport) protocol 
>> to handle 
>>> authorization.  Still, the signaling layer protocol above 
>> GIST itself 
>>> may require separate authorization to be performed when a node 
>>> receives a request for a certain kind of service or 
>> resources.  This 
>>> draft presents a generic model and object formats for session 
>>> authorization within the NSIS Signaling Layer Protocols.  
>> The goal of 
>>> session authorization is to allow the exchange of 
>> information between 
>>> network elements in order to authorize the use of resources for a 
>>> service and to coordinate actions between the signaling and 
>> transport 
>>> planes.
>>>
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-nsis-nslp-auth-00.txt
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> Below is the data which will enable a MIME compliant mail reader 
>>> implementation to automatically retrieve the ASCII version of the 
>>> Internet-Draft.
>>>
>>>
>>>
>>> _______________________________________________
>>> nsis mailing list
>>> nsis@ietf.org
>>> https://www.ietf.org/mailman/listinfo/nsis
> 
> 
> _______________________________________________
> nsis mailing list
> nsis@ietf.org
> https://www.ietf.org/mailman/listinfo/nsis

-- 
Xiaoming Fu, http://user.informatik.uni-goettingen.de/~fu