RE: AW: [NSIS] Re: authorizing query messages
"Nguyen, An" <an.p.nguyen@dhs.gov> Wed, 12 October 2005 17:09 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EPk6t-0007nJ-TL; Wed, 12 Oct 2005 13:09:47 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EPk6q-0007nD-Mh for nsis@megatron.ietf.org; Wed, 12 Oct 2005 13:09:45 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA05769 for <nsis@ietf.org>; Wed, 12 Oct 2005 13:09:40 -0400 (EDT)
Received: from pfwhqs1.ncr.disa.mil ([209.22.99.17] helo=pfwhqs101.ncr.disa.mil) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EPkHC-0000wM-HM for nsis@ietf.org; Wed, 12 Oct 2005 13:20:26 -0400
Message-ID: <7F18415E4D63CB45BB9B3A591F68D12D0E520796@emshqs1.ncr.disa.mil>
From: "Nguyen, An" <an.p.nguyen@dhs.gov>
To: 'David R Oran' <oran@cisco.com>, "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
Subject: RE: AW: [NSIS] Re: authorizing query messages
Date: Wed, 12 Oct 2005 13:09:18 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain; charset="iso-8859-1"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cd3fc8e909678b38737fc606dec187f0
Cc: "McDonald, Andrew" <andrew.mcdonald@roke.co.uk>, Georgios Karagiannis <karagian@cs.utwente.nl>, Jukka MJ Manner <jmanner@cs.Helsinki.FI>, nsis@ietf.org
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
Sender: nsis-bounces@ietf.org
Errors-To: nsis-bounces@ietf.org
David, Just a question: Do we need to enhance http://www.ietf.org/internet-drafts/draft-ietf-aaa-diameter-sip-app-09.txt to include QSPEC if you we decide to use DIAMETER to perform the authorization for users' resources? Thanks, An -----Original Message----- From: David R Oran [mailto:oran@cisco.com] Sent: Monday, October 10, 2005 10:52 AM To: Tschofenig, Hannes Cc: McDonald, Andrew; Georgios Karagiannis; Jukka MJ Manner; nsis@ietf.org Subject: Re: AW: [NSIS] Re: authorizing query messages Do you think it makes sense to have the authorization response to the query return a QSPEC with the user's authorized resources so that can be returned along with the available resources (or alternatively used by the NSLP to reduce the reported available resources to only the amount authorized? On Oct 6, 2005, at 11:37 AM, Tschofenig, Hannes wrote: > hi jukka, > > thanks for your feedback. here is a proposal how to handle > authorization > for the query message: > > the query message triggers a QAR with the authentication info but > without any QoS-Resources. > it might be necessary to indicate (somewhere) that this is only a > query > without the need to enable accounting and charging. > > as such, the response in the QAA is also limited to the result rather > than returning information like avps like CC-Time,Cost, > QoS-Resources,Authz-time). > > here is the figure: > > End-Host Network Element Entity > requesting QoS ( Diameter ( Diameter > QoS Client) QoS Server) > | | | > +---QoS-Query------>| | > | +- - - - - QAR - - - - - >| > | |(QoS-Resources=NULL, | > | | QoS-Auth-Data,User-ID)| > | | +--------+--------------+ > | | | Authorize request | > | | | Keep no session data | > | | | | > | | +--------+--------------+ > | |< - - - - QAA - - - - - -+ > | |(Result-Code) | > | | | > | +-------+---------+ > | |Proceeed with | > | |QoS signaling | > | |exchange | > | +-------+---------+ > | | > | +----------QoS-Reserve---------------> > | | > | |<---------QoS-Response--------------- > |<--QoS-Response----+ > > > ciao > hannes > > > >> Hi, >> >> I would expect that in certain networks, not everybody may query the >> network of available resources. Thus, there could be need to >> include an >> auhtorization token, or ask from a Diameter server whether the node >> sending the query is allowed to do that. >> >> Cheers, >> Jukka >> >> >> On Thu, 6 Oct 2005, Hannes Tschofenig wrote: >> >> >> >>> hi all, >>> >>> as part of our work on the diameter-qos application and the >>> >>> >> radius-qos draft >> >> >>> we came across the aspect of authorizing individual types >>> >>> >> of actions taken by >> >> >>> the qos signaling protocol. from discussions in the past i >>> >>> >> remember that >> >> >>> people wanted to authorize query messages as well. when we >>> >>> >> come to the >> >> >>> concrete details we are not quite sure what it actually >>> >>> >> means. what would be >> >> >>> the authorization decision regarding the query message >>> >>> >> people have in mind? >> >> >>> >>> ciao >>> hannes >>> >>> >>> >>> >>> >> >> _______________________________________________ >> nsis mailing list >> nsis@ietf.org >> https://www1.ietf.org/mailman/listinfo/nsis >> >> >> > > _______________________________________________ > nsis mailing list > nsis@ietf.org > https://www1.ietf.org/mailman/listinfo/nsis > > _______________________________________________ nsis mailing list nsis@ietf.org https://www1.ietf.org/mailman/listinfo/nsis _______________________________________________ nsis mailing list nsis@ietf.org https://www1.ietf.org/mailman/listinfo/nsis
- AW: [NSIS] Re: authorizing query messages Tschofenig, Hannes
- Re: AW: [NSIS] Re: authorizing query messages Jukka MJ Manner
- Re: AW: [NSIS] Re: authorizing query messages Georgios Karagiannis
- Re: AW: [NSIS] Re: authorizing query messages David R Oran
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages john.loughney
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An