Internet Draft
INTERNET DRAFT Pat R. Calhoun
Category: Standards Track Sun Microsystems, Inc.
Title: draft-calhoun-diameter-authent-06.txt William Bulley
Date: August 1999 Merit Network, Inc.
DIAMETER
Dial-Up (ROAMOPS) Extensions
Status of this Memo
This document is an individual contribution for consideration by the
AAA Working Group of the Internet Engineering Task Force. Comments
should be submitted to the diameter@ipass.com mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Abstract
This document describes the DIAMETER Dial-up User Authentication
Extension that is used for ROAMOPS [4] purposes. This specification
was carefully designed to ease the burden of servers that must act as
RADIUS/DIAMETER gateways, by re-using the same address space that
RADIUS has defined [1]. Further, by re-using the same address space,
it allows a single server to read the same dictiionary for both
Calhoun, Bulley expires January 2000 [Page 1]
INTERNET DRAFT August 1999
DIAMETER and RADIUS. This backward compatibility will hopefully
facilitate deployment of DIAMETER.
Calhoun, Bulley expires January 2000 [Page 2]
INTERNET DRAFT August 1999
Table of Contents
1.0 Introduction
1.1 Requirements language
1.2 Changes in version -06
2.0 Command Codes
2.1 AA-Request (AAR)
2.2 AA-Answer (AAA)
2.3 AA-Challenge-Ind (ACI)
3.0 DIAMETER AVPs
3.1 User-Name
3.2 User-Password
3.3 CHAP-Password
3.4 NAS-Port
3.5 Service-Type
3.6 Framed-Protocol
3.7 Framed-IP-Address
3.8 Framed-IP-Netmask
3.9 Framed-Routing
3.10 Filter-Id
3.11 Framed-MTU
3.12 Framed-Compression
3.13 Login-IP-Host
3.14 Login-Service
3.15 Login-TCP-Port
3.16 Reply-Message
3.17 Callback-Number
3.18 Callback-Id
3.19 Framed-Route
3.20 Framed-IPX-Network
3.21 Idle-Timeout
3.22 Called-Station-Id
3.23 Calling-Station-Id
3.24 Login-LAT-Service
3.25 Login-LAT-Node
3.26 Login-LAT-Group
3.27 Framed-AppleTalk-Link
3.28 Framed-AppleTalk-Network
3.29 Framed-AppleTalk-Zone
3.30 CHAP-Challenge
3.31 NAS-Port-Type
3.32 Port-Limit
3.33 Login-LAT-Port
3.34 Filter-Rule
3.35 Framed-Password-Policy
3.36 Table of Attributes
4.0 Protocol Definition
4.1 Feature Advertisement/Discovery
Calhoun, Bulley expires January 2000 [Page 3]
INTERNET DRAFT August 1999
4.2 Authorization Procedure
4.3 Integration with Resource-Management
5.0 References
6.0 Acknowledgements
7.0 Authors' Addresses
8.0 Full Copyright Statement
1.0 Introduction
This document describes the DIAMETER Dial-up User Authentication
Extension that is used for ROAMOPS [4] purposes. This specification
was carefully designed to ease the burden of servers that must act as
RADIUS/DIAMETER gateways, by re-using the same address space that
RADIUS has defined [1]. Further, by re-using the same address space,
it allows a single server to read the same dictiionary for both
DIAMETER and RADIUS. This backward compatibility will hopefully
facilitate deployment of DIAMETER.
The Extension number for this draft is one (1). This value is used in
the Extension-Id AVP as defined in [2].
1.1 Copyright Statement
Copyright (C) The Internet Society 1999. All Rights Reserved.
1.2 Requirements language
In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in [12].
1.3 Changes in version -06
The following changes have been made to version 06:
- Changes to AVP Header Flags
- Change to the document title
- Changed the Command-Specific AVP Flags in all command codes
defined.
- Added a reference to RFC 1994 (CHAP)
Calhoun, Bulley expires January 2000 [Page 4]
INTERNET DRAFT August 1999
2.0 Command Codes
This document defines the following DIAMETER Commands. All DIAMETER
implementations supporting this extension MUST support all of the
following commands:
Command Name Command Code
-----------------------------------
AA-Request 263
AA-Answer 264
AA-Challenge-Ind 265
2.1 AA-Request (AAR)
Description
The AA-Request message is used in order to request authentication
and authorization for a given user.
If Authentication is requested the User-Name attribute MUST be
present. If only Authorization is required it is possible to
authorize based on DNIS and ANI instead. However, it is not
possible to authenticate using a User-Name AVP and later
requesting authorization based on DNIS using the same Session-Id
(although the inverse is legal).
Note that the flag field MAY be used in this command in order to
indicate that either Authentication-Only or Authorization-Only is
required for the request. If the Authentication-Only bit is set
the response MUST NOT include any authorization information. Both
the Authenticate and Authorize bits MUST NOT be set at the same
time. To ensure that a user is both authenticated and authorized,
neither flag is set.
The AA-Request message MUST include a unique Session-Id AVP. If
The AA-Request is a result of a successful AA-Challenge-Ind the
Session-Id MUST be identical to the one provided in the initial
AA-Request.
Message Format
Section 3.36 contains a complete list of all valid AVPs for this
message.
Calhoun, Bulley expires January 2000 [Page 5]
INTERNET DRAFT August 1999
::=
[]
[]
[]
[]
{ ||
{ ||
::=
[]
[]
[]
[]
[]
[]
{ ||
[]
[]
[]
[]
[]
{ ||
2138, Livingston, April 1997
[2] Calhoun, Rubens, "DIAMETER Base Protocol",
draft-calhoun-diameter-08.txt, Work in Progress,
August 1999.
[3] Aboba, Beadles "The Network Access Identifier." RFC 2486.
January 1999.
[4] Aboba, Zorn, "Criteria for Evaluating Roaming Protocols",
RFC 2477, January 1999.
[5] Calhoun, Rubens, Aboba, "DIAMETER Extensible Authentication
Protocol Extensions", draft-calhoun-diameter-eap-03.txt,
Work in Progress, August 1999.
[6] W. Simpson, "PPP Challenge Handshake Authentication
Protocol (CHAP)", RFC 1994, August 1996.
[7] Jacobson, "Compressing TCP/IP headers for low-speed serial
links", RFC 1144, February 1990.
[8] ISO 8859. International Standard -- Information Processing --
8-bit Single-Byte Coded Graphic Character Sets -- Part 1: Latin
Alphabet No. 1, ISO 8859-1:1987.
[9] Sklower, Lloyd, McGregor, Carr, "The PPP Multilink Protocol
(MP)", RFC 1717, November 1994.
[10] Calhoun, Greene, "DIAMETER Resource Management Extension",
draft-calhoun-diameter-res-mgmt-02.txt, Work in Progress,
February 1999.
[11] Calhoun, Zorn, Pan, "DIAMETER Framework",
draft-calhoun-diameter-framework-02.txt, Work in Progress,
December 1998.
[12] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[13] P. Calhoun, W. Bulley, "DIAMETER Proxy Server Extensions",
draft-calhoun-diameter-proxy-02.txt, Work in Progress,
August 1999.
6.0 Acknowledgements
The Author wishes to thank Carl Rigney since much of the text in the
document was shamefully copied from [1] as well as the following
people for their help in the development of this protocol:
Calhoun, Bulley expires January 2000 [Page 52]
INTERNET DRAFT August 1999
Nancy Greene, Ryan Moats
7.0 Authors' Addresses
Questions about this memo can be directed to:
Pat R. Calhoun
Network and Security Research Center, Sun Labs
Sun Microsystems, Inc.
15 Network Circle
Menlo Park, California, 94025
USA
Phone: 1-650-786-7733
Fax: 1-650-786-6445
E-mail: pcalhoun@eng.sun.com
William Bulley
Merit Network, Inc.
4251 Plymouth Road, Suite C
Ann Arbor, Michigan, 48105-2785
USA
Phone: 1-734-764-9993
Fax: 1-734-647-3185
E-mail: web@merit.edu
8.0 Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this docu-
ment itself may not be modified in any way, such as by removing the
copyright notice or references to the Internet Society or other Inter-
net organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English. The limited permis-
sions granted above are perpetual and will not be revoked by the
Calhoun, Bulley expires January 2000 [Page 53]
INTERNET DRAFT August 1999
Internet Society or its successors or assigns. This document and the
information contained herein is provided on an "AS IS" basis and THE
INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WAR-
RANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY
RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE."
Calhoun, Bulley expires January 2000 [Page 54]