IETF Logo Mail Archive

Response to RADEXT WG review of <draft-ietf-mboned-multiaaa-framework-07.txt> (fwd)

"Bernard Aboba" <Bernard_Aboba@hotmail.com> Mon, 15 September 2008 17:21 UTC

Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 07D2F3A6BBB for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Mon, 15 Sep 2008 10:21:55 -0700 (PDT)
X-Quarantine-ID: <eKCMq9rsEBtv>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER, Duplicate header field: "Message-ID"
X-Spam-Flag: NO
X-Spam-Score: -0.247
X-Spam-Level:
X-Spam-Status: No, score=-0.247 tagged_above=-999 required=5 tests=[AWL=0.248, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eKCMq9rsEBtv for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Mon, 15 Sep 2008 10:21:48 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 5BFCF3A6952 for <radext-archive-IeZ9sae2@lists.ietf.org>; Mon, 15 Sep 2008 10:21:48 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1KfHhV-000P1H-MA for radiusext-data@psg.com; Mon, 15 Sep 2008 17:17:25 +0000
Received: from [65.54.246.149] (helo=bay0-omc2-s13.bay0.hotmail.com) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <bernard_aboba@hotmail.com>) id 1KfHhO-000Ozt-0V for radiusext@ops.ietf.org; Mon, 15 Sep 2008 17:17:20 +0000
Received: from hotmail.com ([10.4.31.20]) by bay0-omc2-s13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 15 Sep 2008 10:17:14 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 15 Sep 2008 10:17:13 -0700
Message-ID: <BLU137-DAV101C869FA6F2E5412C5D7993520@phx.gbl>
Received: from 24.16.124.122 by BLU137-DAV10.phx.gbl with DAV; Mon, 15 Sep 2008 17:17:12 +0000
X-Originating-IP: [24.16.124.122]
X-Originating-Email: [bernard_aboba@hotmail.com]
X-Sender: bernard_aboba@hotmail.com
From: Bernard Aboba <Bernard_Aboba@hotmail.com>
To: 'radext mailing list' <radiusext@ops.ietf.org>
Subject: Response to RADEXT WG review of <draft-ietf-mboned-multiaaa-framework-07.txt> (fwd)
Date: Mon, 15 Sep 2008 10:17:36 -0700
Message-ID: <000f01c91756$f2be16a0$d83a43e0$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AckW99E9fTJ4e7fZSWOo7lS6R4K87wAXwujQ
Content-Language: en-us
X-OriginalArrivalTime: 15 Sep 2008 17:17:13.0980 (UTC) FILETIME=[E561FBC0:01C91756]
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
List-ID: <radiusext.ops.ietf.org>


-----Original Message-----
From: Alan DeKok [mailto:aland@deployingradius.com] 
Sent: Sunday, September 14, 2008 10:55 PM
To: Hannes Tschofenig
Cc: Bernard Aboba; aaa-doctors@ietf.org
Subject: Re: [AAA-DOCTORS] [Fwd: [MBONED] WGLC
for<draft-ietf-mboned-multiaaa-framework-07.txt>]

Hannes Tschofenig wrote:
> could you check on behalf of RADEXT whether the Alan's review comments 
> have been incorporated (or ask Alan todo so)?
> I will do the same for the reviews we did in DIME.

  Many of my review comments have been incorporated.  The document is
appreciably better.

  However, many of the changes are also problematic.  As I said in my
earlier review, the document still combines concepts in an inconsistent
and confusing way:

   The level of account report messaging between the NSP and
   CP may be either configured statically or can be
   dynamically requested by the CP in its response to the
   Access-Request relayed by the NSP to the CP.  The
   determination of the actual level of report messaging is
   configured by the NSP at the NAS.

  Paraphrased: "stuff can be sent putting things in an Access-Request".

  I don't see how this can be helpful.  That being said, this paragraph
is still clearer than the previous versions.

  The document needs to figure out it's purpose.  It claims to be a
model, but it also defines requirements.

  As it stands, I don't think the document accurately describes
*existing* AAA systems.  I don't think the system described can be
implemented using existing AAA systems.  e.g. it describes user Id's
being assigned at multiple points in the network.  What does that mean?
 Is it a provisioning system?  AAA systems don't normally assign
user-Id's (except for opaque id's such as Class or CUI)

  It's references to accounting still talk about "logging" accounting
data.  Is that a reference to a specific implementation method, a
requirement, or ... ?

  4.1 says:

   A CP may delegate AAA responsibility to a NSP. 'AAA proxy
   in NSP' is described in 4.7 for this case.

  How is delegation performed in a AAA framework?  Diameter supports
redirection, but I don't recall delegation being part of it.  "Hi,
please authenticate all of my users, and no, I don't want to see billing
information."  Weird.

  Alan DeKok,


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

v2.23.0 | Report a Bug | By Email