RE: AW: [NSIS] Re: authorizing query messages

"Nguyen, An" <an.p.nguyen@dhs.gov> Wed, 12 October 2005 17:09 UTC

Message-ID: <7F18415E4D63CB45BB9B3A591F68D12D0E520796@emshqs1.ncr.disa.mil>
From: "Nguyen, An" <an.p.nguyen@dhs.gov>
To: 'David R Oran' <oran@cisco.com>, "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
Subject: RE: AW: [NSIS] Re: authorizing query messages
Date: Wed, 12 Oct 2005 13:09:18 -0400
Cc: "McDonald, Andrew" <andrew.mcdonald@roke.co.uk>, Georgios Karagiannis <karagian@cs.utwente.nl>, Jukka MJ Manner <jmanner@cs.Helsinki.FI>, nsis@ietf.org

David,

Just a question: Do we need to enhance
http://www.ietf.org/internet-drafts/draft-ietf-aaa-diameter-sip-app-09.txt
to include QSPEC if we decide to use DIAMETER to perform the
authorization for users' resources?

Thanks,

An
-----Original Message-----
From: David R Oran [mailto:oran@cisco.com]
Sent: Monday, October 10, 2005 10:52 AM
To: Tschofenig, Hannes
Cc: McDonald, Andrew; Georgios Karagiannis; Jukka MJ Manner;
nsis@ietf.org
Subject: Re: AW: [NSIS] Re: authorizing query messages


Do you think it makes sense to have the authorization response to the
query return a QSPEC with the user's authorized resources so that it can
be returned along with the available resources (or alternatively used
by the NSLP to reduce the reported available resources to only the
amount authorized)?

On Oct 6, 2005, at 11:37 AM, Tschofenig, Hannes wrote:


> hi jukka,
>
> thanks for your feedback. here is a proposal how to handle authorization
> for the query message:
>
> the query message triggers a QAR with the authentication info but
> without any QoS-Resources.
> it might be necessary to indicate (somewhere) that this is only a query
> without the need to enable accounting and charging.
>
> as such, the response in the QAA is also limited to the result rather
> than returning information like avps (like CC-Time, Cost,
> QoS-Resources, Authz-time).
>
> here is the figure:
>
>    End-Host         Network Element             Entity
>   requesting QoS      ( Diameter              ( Diameter
>                        QoS Client)             QoS Server)
>       |                   |                         |
>       +---QoS-Query------>|                         |
>       |                   +- - - - - QAR - - - - - >|
>       |                   |(QoS-Resources=NULL,     |
>       |                   |   QoS-Auth-Data,User-ID)|
>       |                   |                +--------+--------------+
>       |                   |                |  Authorize request    |
>       |                   |                |  Keep no session data |
>       |                   |                |                       |
>       |                   |                +--------+--------------+
>       |                   |< - - - - QAA - - - - - -+
>       |                   |(Result-Code)            |
>       |                   |                         |
>       |           +-------+---------+
>       |           |Proceed with     |
>       |           |QoS signaling    |
>       |           |exchange         |
>       |           +-------+---------+
>       |                   |
>       |                   +----------QoS-Reserve--------------->
>       |                   |
>       |                   |<---------QoS-Response---------------
>       |<--QoS-Response----+
>
>
> ciao
> hannes
>
>
>
>> Hi,
>>
>> I would expect that in certain networks, not everybody may query the
>> network of available resources. Thus, there could be need to include an
>> authorization token, or ask from a Diameter server whether the node
>> sending the query is allowed to do that.
>>
>> Cheers,
>> Jukka
>>
>>
>> On Thu, 6 Oct 2005, Hannes Tschofenig wrote:
>>
>>> hi all,
>>>
>>> as part of our work on the diameter-qos application and the radius-qos draft
>>> we came across the aspect of authorizing individual types of actions taken by
>>> the qos signaling protocol. from discussions in the past i remember that
>>> people wanted to authorize query messages as well. when we come to the
>>> concrete details we are not quite sure what it actually means. what would be
>>> the authorization decision regarding the query message people have in mind?
>>>
>>> ciao
>>> hannes


_______________________________________________
nsis mailing list
nsis@ietf.org
https://www1.ietf.org/mailman/listinfo/nsis
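
The query authorization exchange from the figure in the quoted proposal, together with the QSPEC-returning variant raised in the reply to it, as an added Python sketch that is not part of the original thread or of any Diameter QoS draft. Class and function names, the policy table and the kbit/s unit are assumptions; 2001 and 5003 are the Diameter base protocol Result-Code values for success and authorization rejected.

```python
from dataclasses import dataclass
from typing import Optional

DIAMETER_SUCCESS = 2001                 # Diameter base protocol Result-Code
DIAMETER_AUTHORIZATION_REJECTED = 5003  # Diameter base protocol Result-Code

@dataclass(frozen=True)
class QAR:
    user_id: str                  # User-ID
    qos_auth_data: str            # QoS-Auth-Data (modelled here as an opaque token)
    qos_resources: Optional[int]  # None models QoS-Resources=NULL (query only)

@dataclass(frozen=True)
class QAA:
    result_code: int
    authorized_kbps: Optional[int] = None  # set only in the QSPEC-returning variant

class QoSServer:
    """Hypothetical Diameter QoS server; policy maps user -> (token, authorized kbit/s)."""
    def __init__(self, policy, return_qspec=False):
        self.policy = policy
        self.return_qspec = return_qspec
        self.sessions = {}  # must stay empty for queries: no accounting, no charging

    def handle_query(self, qar: QAR) -> QAA:
        if qar.qos_resources is not None:
            raise ValueError("this sketch covers query-only QARs")
        entry = self.policy.get(qar.user_id)
        if entry is None or entry[0] != qar.qos_auth_data:
            return QAA(DIAMETER_AUTHORIZATION_REJECTED)
        # Authorize the request and keep no session data.
        return QAA(DIAMETER_SUCCESS, entry[1] if self.return_qspec else None)

def answer_query(server, user_id, token, available_kbps):
    """Network element: authorize a QoS-Query before reporting available resources."""
    qaa = server.handle_query(QAR(user_id, token, None))
    if qaa.result_code != DIAMETER_SUCCESS:
        return None                      # fail closed: report nothing to the requester
    if qaa.authorized_kbps is not None:  # variant: clamp to the authorized amount
        return min(available_kbps, qaa.authorized_kbps)
    return available_kbps                # proposal as drawn: Result-Code only

POLICY = {"alice": ("tok-alice", 2000)}  # constructed sample policy

if __name__ == "__main__":
    for variant in (False, True):
        srv = QoSServer(POLICY, return_qspec=variant)
        print(variant, answer_query(srv, "alice", "tok-alice", 5000),
              answer_query(srv, "mallory", "guess", 5000), srv.sessions)
```
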