RFCs & Drafts related to AAA working group

Operations and Management (OPS) area

Last Update: Jul 07, 2008

The charter of the AAA working group, which was concluded in Feb 2006,
is reported below.

The Authentication, Authorization and Accounting Working Group
focused on the development of requirements for Authentication,
Authorization and Accounting as applied to network access.
Requirements were gathered from NASREQ, MOBILE IP, and ROAMOPS
Working Groups as well as TIA 45.6. The AAA WG then solicited
submission of protocols meeting the requirements, and evaluated
the submissions.

This incarnation of the AAA Working Group will focus on development
of an IETF Standards track protocol, based on the DIAMETER submission.
In this process, it is to be understood that the IETF does not function
as a rubber stamp. It is likely that the protocol will be changed
significantly during the process of development.

The immediate goals of the AAA working group are to address the
following issues:

- Clarity. The protocol documents should clearly describe the contents
  of typical messages and the requirements for interoperability.

- Error messages. The protocol should define categories of error
  messages, enabling implementations to respond correctly based on the
  category. The set of error messages should cover the full range of
  operational problems.

- Accounting. The accounting operational model should be described for
  each type of network access.

- IPv6. The protocol must include attributes in support for IPv6
  network access and must be transportable over IPv6.

- Transport. The protocol should be transport independent and must
  define at least one mandatory-to-implement transport mapping. Other
  transport mappings may also be defined. All transport mappings must
  effectively support congestion control.

- Explicit proxy support. The protocol should offer explicit support
  for proxies, including support for automated message routing, route
  recording, and (where necessary) path hiding.

- RADIUS compatibility. The protocol should provide improved RADIUS
  backward compatibility in the case where only RADIUS attributes are
  used or where RADIUS proxies or servers exist in the path.

- Security. The protocol should define a lightweight data object
  security model that is implementable on NASes.

- Data model. The proposal should offer logical separation between the
  protocol and the data model and should support rich data types.

- MIBs. A MIB must be defined, supporting both IPv4 and IPv6 operation.

RFC2924 09/2000 (36 p.)
N. Brownlee, A. Blount
Accounting Attributes and Record Formats

This document summarises Internet Engineering Task Force (IETF) and
International Telecommunication Union (ITU-T) documents related to
Accounting. A classification scheme for the Accounting Attributes in
the summarised documents is presented. Exchange formats for
Accounting data records are discussed, as are advantages and
disadvantages of integrated versus separate record formats and
transport protocols. This document discusses service definition
independence, extensibility, and versioning. Compound service
definition capabilities are described.

RFC2975 10/2000 (54 p.)
B. Aboba, J. Arkko, D. Harrington
Introduction to Accounting Management

The field of Accounting Management is concerned with the collection
of resource consumption data for the purposes of capacity and trend
analysis, cost allocation, auditing, and billing. This document
describes each of these problems, and discusses the issues involved
in design of modern accounting systems.

Since accounting applications do not have uniform security and
reliability requirements, it is not possible to devise a single
accounting protocol and set of security services that will meet all
needs. Thus the goal of accounting management is to provide a set of
tools that can be used to meet the requirements of each application.

This document describes the currently available tools as well as the
state of the art in accounting protocol design. A companion
document, RFC 2924, reviews the state of the art in accounting
attributes and record formats.

RFC2989 11/2000 (28 p.)
Aboba, et al.
Criteria for Evaluating AAA Protocols for Network Access

This document represents a summary of Authentication, Authorization,
Accounting (AAA) protocol requirements for network access. In
creating this document, inputs were taken from documents produced by
the Network Access Server Requirements Next Generation (NASREQ),
Roaming Operations (ROAMOPS), and MOBILEIP working groups, as well as
from TIA 45.6.

This document summarizes the requirements collected from those
sources, separating requirements for authentication, authorization
and accounting. Details on the requirements are available in the
original documents.

RFC3127 06/2001 (84 p.)
D. Mitton, M. St.Johns, S. Barkley, D. Nelson, B. Patil, M. Stevens, B. Wolff
Authentication, Authorization, and Accounting: Protocol Evaluation

This memo represents the process and findings of the Authentication,
Authorization, and Accounting Working Group (AAA WG) panel evaluating
protocols proposed against the AAA Network Access Requirements, RFC
2989. Due to time constraints of this report, this document is not
as fully polished as it might have been desired. But it remains
mostly in this state to document the results as presented.

Status: Proposed Standard

RFC3588 09/2003 (147 p.)
P. Calhoun, J. Loughney, E. Guttman, G. Zorn, J. Arkko
Diameter Base Protocol

The Diameter base protocol is intended to provide an Authentication,
Authorization and Accounting (AAA) framework for applications such as
network access or IP mobility. Diameter is also intended to work in
both local Authentication, Authorization & Accounting and roaming
situations. This document specifies the message format, transport,
error reporting, accounting and security services to be used by all
Diameter applications. The Diameter base application needs to be
supported by all Diameter implementations.

Status: Proposed Standard

RFC3589 09/2003 (5 p.)
J. Loughney
Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5

This document describes the IANA's allocation of a block of Diameter
Command Codes for the Third Generation Partnership Project (3GPP)
Release 5. This document does not pass judgment on the usage of
these command codes. Furthermore, these command codes are for use
for Release 5. For future releases, these codes cannot be reused,
but must be allocated according to the Diameter Base specification.

RFC4004 08/2005 (53 p.)
P. Calhoun, T. Johansson, C. Perkins, T. Hiller, P. McCann
Diameter Mobile IPv4 Application

This document specifies a Diameter application that allows a Diameter
server to authenticate, authorize and collect accounting information
for Mobile IPv4 services rendered to a mobile node. Combined with
the Inter-Realm capability of the base protocol, this application
allows mobile nodes to receive service from foreign service
providers. Diameter Accounting messages will be used by the foreign
and home agents to transfer usage information to the Diameter
servers.

Status: Proposed Standard

RFC4005 08/2005 (85 p.)
P. Calhoun, G. Zorn, D. Spence, D. Mitton
Diameter Network Access Server Application

This document describes the Diameter protocol application used for
Authentication, Authorization, and Accounting (AAA) services in the
Network Access Server (NAS) environment. When combined with the
Diameter Base protocol, Transport Profile, and Extensible
Authentication Protocol specifications, this application
specification satisfies typical network access services requirements.

Initial deployments of the Diameter protocol are expected to include
legacy systems. Therefore, this application has been carefully
designed to ease the burden of protocol conversion between RADIUS and
Diameter. This is achieved by including the RADIUS attribute space
to eliminate the need to perform many attribute translations.

The interactions between Diameter applications and RADIUS specified
in this document are to be applied to all Diameter applications. In
this sense, this document extends the Base Diameter protocol.

Status: Proposed Standard

RFC4006 08/2005 (114 p.)
H. Hakala, L. Mattila, J-P. Koskinen, M. Stura, J. Loughney
Diameter Credit-Control Application

This document specifies a Diameter application that can be used to
implement real-time credit-control for a variety of end user services
such as network access, Session Initiation Protocol (SIP) services,
messaging services, and download services.

Status: Proposed Standard

RFC4072 08/2005 (33 p.)
P. Eronen, T. Hiller, G. Zorn
Diameter Extensible Authentication Protocol (EAP) Application

The Extensible Authentication Protocol (EAP) provides a standard
mechanism for support of various authentication methods. This
document defines the Command-Codes and AVPs necessary to carry EAP
packets between a Network Access Server (NAS) and a back-end
authentication server.

Status: Proposed Standard

RFC4740 11/2006 (72 p.)
M. Garcia-Martin, M. Belinchon, M. Pallares-Lopez, C. Canales, K. Tammi
Diameter Session Initiation Protocol (SIP) Application

This document specifies the Diameter Session Initiation Protocol
(SIP) application. This is a Diameter application that allows a
Diameter client to request authentication and authorization
information. This application is designed to be used in conjunction
with SIP and provides a Diameter client co-located with a SIP server,
with the ability to request the authentication of users and
authorization of SIP resources usage from a Diameter server.

Status: Proposed Standard

RFC4962 07/2007 (23 p.)
R. Housley, B. Aboba
Guidance for Authentication, Authorization, and Accounting (AAA) Key Management

This document provides guidance to designers of Authentication,
Authorization, and Accounting (AAA) key management protocols. The
guidance is also useful to designers of systems and solutions that
include AAA key management protocols. Given the complexity and
difficulty in designing secure, long-lasting key management
algorithms and protocols by experts in the field, it is almost
certainly inappropriate for IETF working groups without deep
expertise in the area to be designing their own key management
algorithms and protocols based on Authentication, Authorization, and
Accounting (AAA) protocols. The guidelines in this document apply to
documents requesting publication as IETF RFCs. Further, these
guidelines will be useful to other standards development
organizations (SDOs) that specify AAA key management.

Status: Best Current Practice