RE: AW: [NSIS] Re: authorizing query messages
"Roy, Radhika \(AEAD\)" <RoyR@saic-abingdon.com> Thu, 13 October 2005 13:35 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3F7-0007sz-8k; Thu, 13 Oct 2005 09:35:33 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ3F5-0007sh-Gn for nsis@megatron.ietf.org; Thu, 13 Oct 2005 09:35:31 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17758 for <nsis@ietf.org>; Thu, 13 Oct 2005 09:35:28 -0400 (EDT)
Received: from mclmx.mail.saic.com ([149.8.64.10]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EQ3Pb-0003cz-FV for nsis@ietf.org; Thu, 13 Oct 2005 09:46:24 -0400
Received: from 0015-its-ieg01.mail.saic.com ([149.8.64.21] [149.8.64.21]) by mclmx.mail.saic.com; Thu, 13 Oct 2005 09:35:24 -0400
Received: from mclmx.mail.saic.com ([149.8.64.10]) by 0015-its-ieg01.mail.saic.com (SMSSMTP 4.0.5.66) with SMTP id M2005101309352402270 ; Thu, 13 Oct 2005 09:35:24 -0400
Received: from bh-exchangefe.saic-abingdon.com ([149.8.64.21] [149.8.64.21]) by mclmx.mail.saic.com with ESMTP; Thu, 13 Oct 2005 09:35:24 -0400
Received: from bh-exchange02.saic-abingdon.com ([10.42.81.226]) by bh-exchangefe.saic-abingdon.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 13 Oct 2005 09:39:06 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: AW: [NSIS] Re: authorizing query messages
Date: Thu, 13 Oct 2005 09:38:43 -0400
Message-Id: <2FE23D25B7292B489A217D1965CDA8667264D7@bh-exchange02.saic-abingdon.com>
Thread-Topic: AW: [NSIS] Re: authorizing query messages
Thread-Index: AcXPUKLfkBvvP6+1QrqWtcJBlPidlQAE8wGZ
From: "Roy, Radhika (AEAD)" <RoyR@saic-abingdon.com>
To: "Nguyen, An" <an.p.nguyen@dhs.gov>, "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
X-OriginalArrivalTime: 13 Oct 2005 13:39:06.0203 (UTC) FILETIME=[7B48B2B0:01C5CFFB]
X-Spam-Score: 0.8 (/)
X-Scan-Signature: 303e29529f30c23b95ea718537067fd5
Cc: "McDonald, Andrew" <andrew.mcdonald@roke.co.uk>, Georgios Karagiannis <karagian@cs.utwente.nl>, Jukka MJ Manner <jmanner@cs.Helsinki.FI>, nsis@ietf.org
X-BeenThere: nsis@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Next Steps in Signaling <nsis.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:nsis@ietf.org>
List-Help: <mailto:nsis-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1405043372=="
Sender: nsis-bounces@ietf.org
Errors-To: nsis-bounces@ietf.org
An: I do NOT think that Diameter SIP application is the right place to do so. There are several steps to do so as follows: 1. QSPEC is not an application per se. It is mere couple of QoS parameters (please note that it is NOT QoS model - it is extremely technically confusing as well as technically inconsistent to mix QSPEC and QoS Model in the same breath/place). 2. A QSPEC cannot independently sent in the middle of something unless it is coupled with to meet any application's needs. 3. SIP is only ONE real-time application, and however, QSPEC is good for all applications including both real-time and non-real-time applications. 4. Diameter QoS Application is the right place for extending this using QSPEC (again NOT QoS models). 5. If item 3 can use item 4, it will then prove all standards Diameter-based standards are consistent. 6. With respect to NSIS signaling protocol, item 5 will also test whether or not NSIS protocol is good or not. Hope this clarifies your question. If you have any more questions, please let me know. Best regards, Radhika ________________________________ From: nsis-bounces@ietf.org on behalf of Nguyen, An Sent: Wed 10/12/2005 1:09 PM To: 'David R Oran'; Tschofenig, Hannes Cc: McDonald, Andrew; Georgios Karagiannis; Jukka MJ Manner; nsis@ietf.org Subject: RE: AW: [NSIS] Re: authorizing query messages David, Just a question: Do we need to enhance http://www.ietf.org/internet-drafts/draft-ietf-aaa-diameter-sip-app-09.txt to include QSPEC if you we decide to use DIAMETER to perform the authorization for users' resources? Thanks, An -----Original Message----- From: David R Oran [mailto:oran@cisco.com] Sent: Monday, October 10, 2005 10:52 AM To: Tschofenig, Hannes Cc: McDonald, Andrew; Georgios Karagiannis; Jukka MJ Manner; nsis@ietf.org Subject: Re: AW: [NSIS] Re: authorizing query messages Do you think it makes sense to have the authorization response to the query return a QSPEC with the user's authorized resources so that can be returned along with the available resources (or alternatively used by the NSLP to reduce the reported available resources to only the amount authorized? On Oct 6, 2005, at 11:37 AM, Tschofenig, Hannes wrote: > hi jukka, > > thanks for your feedback. here is a proposal how to handle > authorization > for the query message: > > the query message triggers a QAR with the authentication info but > without any QoS-Resources. > it might be necessary to indicate (somewhere) that this is only a > query > without the need to enable accounting and charging. > > as such, the response in the QAA is also limited to the result rather > than returning information like avps like CC-Time,Cost, > QoS-Resources,Authz-time). > > here is the figure: > > End-Host Network Element Entity > requesting QoS ( Diameter ( Diameter > QoS Client) QoS Server) > | | | > +---QoS-Query------>| | > | +- - - - - QAR - - - - - >| > | |(QoS-Resources=NULL, | > | | QoS-Auth-Data,User-ID)| > | | +--------+--------------+ > | | | Authorize request | > | | | Keep no session data | > | | | | > | | +--------+--------------+ > | |< - - - - QAA - - - - - -+ > | |(Result-Code) | > | | | > | +-------+---------+ > | |Proceeed with | > | |QoS signaling | > | |exchange | > | +-------+---------+ > | | > | +----------QoS-Reserve---------------> > | | > | |<---------QoS-Response--------------- > |<--QoS-Response----+ > > > ciao > hannes > > > >> Hi, >> >> I would expect that in certain networks, not everybody may query the >> network of available resources. Thus, there could be need to >> include an >> auhtorization token, or ask from a Diameter server whether the node >> sending the query is allowed to do that. >> >> Cheers, >> Jukka >> >> >> On Thu, 6 Oct 2005, Hannes Tschofenig wrote: >> >> >> >>> hi all, >>> >>> as part of our work on the diameter-qos application and the >>> >>> >> radius-qos draft >> >> >>> we came across the aspect of authorizing individual types >>> >>> >> of actions taken by >> >> >>> the qos signaling protocol. from discussions in the past i >>> >>> >> remember that >> >> >>> people wanted to authorize query messages as well. when we >>> >>> >> come to the >> >> >>> concrete details we are not quite sure what it actually >>> >>> >> means. what would be >> >> >>> the authorization decision regarding the query message >>> >>> >> people have in mind? >> >> >>> >>> ciao >>> hannes >>> >>> >>> >>> >>> >> >> _______________________________________________ >> nsis mailing list >> nsis@ietf.org >> https://www1.ietf.org/mailman/listinfo/nsis >> >> >> > > _______________________________________________ > nsis mailing list > nsis@ietf.org > https://www1.ietf.org/mailman/listinfo/nsis > > _______________________________________________ nsis mailing list nsis@ietf.org https://www1.ietf.org/mailman/listinfo/nsis _______________________________________________ nsis mailing list nsis@ietf.org https://www1.ietf.org/mailman/listinfo/nsis
_______________________________________________ nsis mailing list nsis@ietf.org https://www1.ietf.org/mailman/listinfo/nsis
- AW: [NSIS] Re: authorizing query messages Tschofenig, Hannes
- Re: AW: [NSIS] Re: authorizing query messages Jukka MJ Manner
- Re: AW: [NSIS] Re: authorizing query messages Georgios Karagiannis
- Re: AW: [NSIS] Re: authorizing query messages David R Oran
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages john.loughney
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An
- RE: AW: [NSIS] Re: authorizing query messages Roy, Radhika (AEAD)
- RE: AW: [NSIS] Re: authorizing query messages Nguyen, An