Authentication and User Profile

April 24, 2007

Jun Wang
QUALCOMM Inc.

Notice

Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.




Overview

• In the UMB network design, the QoS User Profile will be sent to the SRNC from the LAAA/HAAA via successful access authentication. However, some User Profile data and other information also need to be sent to the AGW (for example, IP services authorization, MIPv6 HA IP address, etc.).

• Two options:
– Option 1: Place the AGW in the initial Access Authentication path
– Option 2: AGW fetches user profile from LAAA


Option 1: AGW is in the path of EAP Access Authentication (AGW serves as LAAA Function)

[Message sequence chart. Entities: AT, SRNC, VAAA (Proxy), AGW, HAAA, DAP. Steps as numbered on the slide:]

1. UMB Session Setup
2. EAP Identity Request
3. EAP Identity Response
4. DIAMETER-EAP-Request [EAP Identity Request]
5. DIAMETER-EAP-Request [EAP Identity Request] [AGW Capability, NAS ID=AGW]
6. EAP-Methods Exchanges
7. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, User Profile, MIPv6 HA IP Address, DSRK]
8. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, PMN-HA Key]
9. EAP Success
10. Link ID
11. Presents IP Interface to Upper Layers
12. DAP Move Request and Assignment
13. PMIP/GRE Tunnel Establishment (User ID, GRE)
14. IP Address Assignment and Configuration
15. User Profile/QoS User Profile Updates
16. User Profile, QoS User Profile
17. QoS User Profile


Option 1 Highlights

• The AGW serves as LAAA function

• AGW can be dynamically selected based on loading:
– The eBS queries local DNS that returns an AGW's IP address based on load balance algorithm in the DNS server.

• The AGW is in the path of initial EAP Access Authentication and authorization

• The AGW stores User Profile and other information during Successful Access Authentication


Option 2: AGW is separate from LAAA

[Message sequence chart. Entities: AT, SRNC, LAAA, AGW, HAAA, DAP. Steps as numbered on the slide:]

1. UMB Session Setup
2. EAP Identity Request
3. EAP Identity Response
4. DIAMETER-EAP-Request [EAP Identity Request]
5. DIAMETER-EAP-Request [EAP Identity Request]
6. EAP-Methods Exchanges
7. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, User Profile, MIPv6 HA IP Address, DSRK]
8. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, PMN-HA Key]
9. EAP Success
10. Link ID
11. Presents IP Interface to Upper Layers
12. DAP Move Request and Assignment
13. PMIP/GRE Tunnel Establishment (User ID, GRE)
13. Diameter Request (AGW Capability)
13'. Diameter Answer (User Profile, MIPv6 HA IP address, PMN-HA Key)
14. IP Address Assignment and Configuration
15. User Profile/QoS User Profile Updates
16. User Profile, QoS User Profile
17. User Profile, QoS User Profile
18. QoS User Profile


Option 2 Highlights

• LAAA and AGW can be different physical entities

• AGW can be dynamically selected based on loading:
– The eBS queries local DNS that returns an AGW's IP address based on load balance algorithm in the DNS server.

• LAAA stores User Profile and other information during Successful Access Authentication

• The AGW retrieves User Profile and other information from LAAA triggered by AN-AGW PMIP tunnel establishment


Recommendations

• Review and discuss which option should be adopted

• Stage 3 will follow up