Internet Draft
INTERNET DRAFT                                            Pat R. Calhoun
Category: Standards Track                          Sun Microsystems, Inc.
Title: draft-calhoun-diameter-authent-06.txt              William Bulley
Date: August 1999                                    Merit Network, Inc.



                                DIAMETER
                      Dial-Up (ROAMOPS) Extensions



Status of this Memo

   This document is an individual contribution for consideration by the
   AAA Working Group of the Internet Engineering Task Force.  Comments
   should be submitted to the diameter@ipass.com mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at:

      http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at:

      http://www.ietf.org/shadow.html.


Abstract

   This document describes the DIAMETER Dial-up User Authentication
   Extension that is used for ROAMOPS [4] purposes. This specification
   was carefully designed to ease the burden of servers that must act as
   RADIUS/DIAMETER gateways, by re-using the same address space that
   RADIUS has defined [1]. Further, by re-using the same address space,
   it allows a single server to read the same dictiionary for both



Calhoun, Bulley           expires January 2000                  [Page 1]





INTERNET DRAFT                                               August 1999


   DIAMETER and RADIUS. This backward compatibility will hopefully
   facilitate deployment of DIAMETER.

















































Calhoun, Bulley           expires January 2000                  [Page 2]





INTERNET DRAFT                                               August 1999


Table of Contents

      1.0  Introduction
            1.1  Requirements language
            1.2  Changes in version -06
      2.0  Command Codes
            2.1  AA-Request (AAR)
            2.2  AA-Answer (AAA)
            2.3  AA-Challenge-Ind (ACI)
      3.0  DIAMETER AVPs
            3.1  User-Name
            3.2  User-Password
            3.3  CHAP-Password
            3.4  NAS-Port
            3.5  Service-Type
            3.6  Framed-Protocol
            3.7  Framed-IP-Address
            3.8  Framed-IP-Netmask
            3.9  Framed-Routing
            3.10 Filter-Id
            3.11 Framed-MTU
            3.12 Framed-Compression
            3.13 Login-IP-Host
            3.14 Login-Service
            3.15 Login-TCP-Port
            3.16 Reply-Message
            3.17 Callback-Number
            3.18 Callback-Id
            3.19 Framed-Route
            3.20 Framed-IPX-Network
            3.21 Idle-Timeout
            3.22 Called-Station-Id
            3.23 Calling-Station-Id
            3.24 Login-LAT-Service
            3.25 Login-LAT-Node
            3.26 Login-LAT-Group
            3.27 Framed-AppleTalk-Link
            3.28 Framed-AppleTalk-Network
            3.29 Framed-AppleTalk-Zone
            3.30 CHAP-Challenge
            3.31 NAS-Port-Type
            3.32 Port-Limit
            3.33 Login-LAT-Port
            3.34 Filter-Rule
            3.35 Framed-Password-Policy
            3.36 Table of Attributes
      4.0  Protocol Definition
            4.1  Feature Advertisement/Discovery



Calhoun, Bulley           expires January 2000                  [Page 3]





INTERNET DRAFT                                               August 1999


            4.2  Authorization Procedure
            4.3  Integration with Resource-Management
      5.0  References
      6.0  Acknowledgements
      7.0  Authors' Addresses
      8.0  Full Copyright Statement


1.0  Introduction

   This document describes the DIAMETER Dial-up User Authentication
   Extension that is used for ROAMOPS [4] purposes. This specification
   was carefully designed to ease the burden of servers that must act as
   RADIUS/DIAMETER gateways, by re-using the same address space that
   RADIUS has defined [1]. Further, by re-using the same address space,
   it allows a single server to read the same dictiionary for both
   DIAMETER and RADIUS. This backward compatibility will hopefully
   facilitate deployment of DIAMETER.

   The Extension number for this draft is one (1). This value is used in
   the Extension-Id AVP as defined in [2].


1.1  Copyright Statement

   Copyright   (C) The Internet Society 1999.  All Rights Reserved.


1.2  Requirements language

   In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
   "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
   described in [12].


1.3  Changes in version -06

   The following changes have been made to version 06:

      - Changes to AVP Header Flags

      - Change to the document title

      - Changed the Command-Specific AVP Flags in all command codes
      defined.

      - Added a reference to RFC 1994 (CHAP)




Calhoun, Bulley           expires January 2000                  [Page 4]





INTERNET DRAFT                                               August 1999


2.0  Command Codes

   This document defines the following DIAMETER Commands. All DIAMETER
   implementations supporting this extension MUST support all of the
   following commands:

      Command Name          Command Code
      -----------------------------------
      AA-Request                263
      AA-Answer                 264
      AA-Challenge-Ind          265


2.1  AA-Request (AAR)

   Description

      The AA-Request message is used in order to request authentication
      and authorization for a given user.

      If Authentication is requested the User-Name attribute MUST be
      present. If only Authorization is required it is possible to
      authorize based on DNIS and ANI instead. However, it is not
      possible to authenticate using a User-Name AVP and later
      requesting authorization based on DNIS using the same Session-Id
      (although the inverse is legal).

      Note that the flag field MAY be used in this command in order to
      indicate that either Authentication-Only or Authorization-Only is
      required for the request. If the Authentication-Only bit is set
      the response MUST NOT include any authorization information. Both
      the Authenticate and Authorize bits MUST NOT be set at the same
      time. To ensure that a user is both authenticated and authorized,
      neither flag is set.

      The AA-Request message MUST include a unique Session-Id AVP. If
      The AA-Request is a result of a successful AA-Challenge-Ind the
      Session-Id MUST be identical to the one provided in the initial
      AA-Request.

   Message Format

      Section 3.36 contains a complete list of all valid AVPs for this
      message.







Calhoun, Bulley           expires January 2000                  [Page 5]





INTERNET DRAFT                                               August 1999


       ::= 
                       
                       
                       
                       []
                       []
                       []
                       []
                       { ||
                        
                       
                       
                       { ||
                         ::= 
                       
                       
                       
                       []
                       
                       []
                       []
                       []
                       []
                       []
                       
                       
                       
                       { ||
                        
                           
                           
                           
                           []
                           
                           []
                           []
                           []
                           []
                           
                           
                           
                           { ||
                            2138, Livingston, April 1997
    [2] Calhoun, Rubens, "DIAMETER Base Protocol",
        draft-calhoun-diameter-08.txt, Work in Progress,
        August 1999.
    [3] Aboba, Beadles "The Network Access Identifier." RFC 2486.
        January 1999.
    [4] Aboba, Zorn, "Criteria for Evaluating Roaming Protocols",
        RFC 2477, January 1999.
    [5] Calhoun, Rubens, Aboba, "DIAMETER Extensible Authentication
        Protocol Extensions", draft-calhoun-diameter-eap-03.txt,
        Work in Progress, August 1999.
    [6] W. Simpson, "PPP Challenge Handshake Authentication
        Protocol (CHAP)", RFC 1994, August 1996.
    [7] Jacobson, "Compressing TCP/IP headers for low-speed serial
        links", RFC 1144, February 1990.
    [8] ISO 8859. International Standard -- Information Processing --
        8-bit Single-Byte Coded Graphic Character Sets -- Part 1: Latin
        Alphabet No. 1, ISO 8859-1:1987.
        
    [9] Sklower, Lloyd, McGregor, Carr, "The PPP Multilink Protocol
        (MP)", RFC 1717, November 1994.
    [10] Calhoun, Greene, "DIAMETER Resource Management Extension",
         draft-calhoun-diameter-res-mgmt-02.txt, Work in Progress,
         February 1999.
    [11] Calhoun, Zorn, Pan, "DIAMETER Framework",
         draft-calhoun-diameter-framework-02.txt, Work in Progress,
         December 1998.
    [12] S. Bradner, "Key words for use in RFCs to Indicate
         Requirement Levels", BCP 14, RFC 2119, March 1997.
    [13] P. Calhoun, W. Bulley, "DIAMETER Proxy Server Extensions",
         draft-calhoun-diameter-proxy-02.txt, Work in Progress,
         August 1999.


6.0  Acknowledgements

   The Author wishes to thank Carl Rigney since much of the text in the
   document was shamefully copied from [1] as well as the following
   people for their help in the development of this protocol:



Calhoun, Bulley           expires January 2000                 [Page 52]





INTERNET DRAFT                                               August 1999


   Nancy Greene, Ryan Moats


7.0  Authors' Addresses

   Questions about this memo can be directed to:

      Pat R. Calhoun
      Network and Security Research Center, Sun Labs
      Sun Microsystems, Inc.
      15 Network Circle
      Menlo Park, California, 94025
      USA

       Phone:  1-650-786-7733
         Fax:  1-650-786-6445
      E-mail:  pcalhoun@eng.sun.com


      William Bulley
      Merit Network, Inc.
      4251 Plymouth Road, Suite C
      Ann Arbor, Michigan, 48105-2785
      USA

       Phone:  1-734-764-9993
         Fax:  1-734-647-3185
      E-mail:  web@merit.edu



8.0  Full Copyright Statement

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

   This document and translations of it may be copied  and  furnished  to
   others,  and  derivative works that comment on or otherwise explain it
   or assist in its implmentation may be prepared, copied, published  and
   distributed,  in  whole  or  in part, without restriction of any kind,
   provided that the  above  copyright  notice  and  this  paragraph  are
   included on all such copies and derivative works.  However, this docu-
   ment itself may not be modified in any way, such as  by  removing  the
   copyright notice or references to the Internet Society or other Inter-
   net organizations, except as needed  for  the  purpose  of  developing
   Internet standards in which case the procedures for copyrights defined
   in the Internet Standards process must be followed, or as required  to
   translate it into languages other than   English.  The limited permis-
   sions granted above are perpetual and  will  not  be  revoked  by  the



Calhoun, Bulley           expires January 2000                 [Page 53]





INTERNET DRAFT                                               August 1999


   Internet  Society or its successors or assigns.  This document and the
   information contained herein is provided on an "AS IS" basis  and  THE
   INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL
   WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY  WAR-
   RANTY  THAT  THE  USE  OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY
   RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS  FOR  A
   PARTICULAR PURPOSE."












































Calhoun, Bulley           expires January 2000                 [Page 54]