Authentication and User Profile
April 24, 2007
Jun Wang
QUALCOMM Inc.
Notice
Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.
2
Overview
• In the UMB network design, the QoS User Profile will be sent to the SRNC from the LAAA/HAAA via successful access authentication. However, some User Profile data and other information also need to be sent to the AGW (for example, IP services authorization, MIPv6 HA IP address, etc.).
• Two options:
  – Option 1: Place the AGW in the initial Access Authentication path
  – Option 2: AGW fetches user profile from LAAA
3
Option 1: AGW is in the path of EAP Access Authentication (AGW serves as LAAA Function)
Call flow entities: AT, SRNC, VAAA (Proxy), AGW, HAAA, DAP
1. UMB Session Setup
2. EAP Identity Request
3. EAP Identity Response
4. DIAMETER-EAP-Request [EAP Identity Request]
5. DIAMETER-EAP-Request [EAP Identity Request] [AGW Capability, NAS ID=AGW]
6. EAP-Methods Exchanges
7. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, User Profile, MIPv6 HA IP Address, DSRK]
8. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, PMN-HA Key]
9. EAP Success
10. Link ID
11. Presents IP Interface to Upper Layers
12. DAP Move Request and Assignment
13. PMIP/GRE Tunnel Establishment (User ID, GRE)
14. IP Address Assignment and Configuration
15. User Profile/QoS User Profile Updates
16. User Profile, QoS User Profile
17. QoS User Profile
4
Option 1 Highlights
• The AGW serves as LAAA function
• AGW can be dynamically selected based on loading:
  – The eBS queries the local DNS, which returns an AGW's IP address based on the load-balancing algorithm in the DNS server.
• The AGW is in the path of initial EAP Access Authentication and authorization
• The AGW stores User Profile and other information during Successful Access Authentication
5
Option 2: AGW is separate from LAAA
Call flow entities: AT, SRNC, LAAA, AGW, HAAA, DAP
1. UMB Session Setup
2. EAP Identity Request
3. EAP Identity Response
4. DIAMETER-EAP-Request [EAP Identity Request]
5. DIAMETER-EAP-Request [EAP Identity Request]
6. EAP-Methods Exchanges
7. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, User Profile, MIPv6 HA IP Address, DSRK]
8. DIAMETER-EAP-Answer [EAP Success] [MSK, QoS User Profile, PMN-HA Key]
9. EAP Success
10. Link ID
11. Presents IP Interface to Upper Layers
12. DAP Move Request and Assignment
13. PMIP/GRE Tunnel Establishment (User ID, GRE)
13. Diameter Request (AGW Capability)
13'. Diameter Answer (User Profile, MIPv6 HA IP address, PMN-HA Key)
14. IP Address Assignment and Configuration
15. User Profile/QoS User Profile Updates
16. User Profile, QoS User Profile
17. User Profile, QoS User Profile
18. QoS User Profile
6
Option 2 Highlights
• LAAA and AGW can be different physical entities
• AGW can be dynamically selected based on loading:
  – The eBS queries the local DNS, which returns an AGW's IP address based on the load-balancing algorithm in the DNS server.
• LAAA stores User Profile and other information during Successful Access Authentication
• The AGW retrieves User Profile and other information from LAAA triggered by AN-AGW PMIP tunnel establishment
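The two call flows differ in which node ends up holding which attributes. The sketch below is an added example, not part of the contribution: it models steps 7, 8 and 13' for both options and reports what the SRNC, AGW and LAAA hold afterwards. The class and function names are hypothetical, all values are constructed, and it assumes that in Option 1 the AGW, serving as the LAAA function, keeps everything delivered in step 7.

```python
# Added illustration, not 3GPP2 text. All attribute values are constructed.
STEP7 = {"MSK": "msk-demo", "QoS User Profile": "qos-demo",
         "User Profile": "profile-demo",
         "MIPv6 HA IP Address": "2001:db8::1", "DSRK": "dsrk-demo"}
STEP8_NAMES = ("MSK", "QoS User Profile", "PMN-HA Key")
STEP13P_NAMES = ("User Profile", "MIPv6 HA IP Address", "PMN-HA Key")


class LaaaFunction:
    """Hypothetical model: stores the HAAA answer, releases per-step subsets."""

    def __init__(self):
        self.store = {}  # User ID -> attributes kept after authentication

    def on_haaa_answer(self, user_id, answer):
        # Step 7 arrives. The PMN-HA Key first appears in step 8, so it is
        # added here; the slides do not say how it is produced (placeholder).
        self.store[user_id] = {**answer, "PMN-HA Key": "pmn-ha-demo"}
        return self._subset(user_id, STEP8_NAMES)  # step 8, sent to the SRNC

    def on_agw_request(self, user_id):
        # Option 2 only: steps 13/13', triggered by PMIP tunnel establishment.
        return self._subset(user_id, STEP13P_NAMES)

    def _subset(self, user_id, names):
        return {n: self.store[user_id][n] for n in names}


def run(option, user_id="user@example.net"):
    """Return the attribute names each node holds once the flow completes."""
    laaa = LaaaFunction()
    srnc = laaa.on_haaa_answer(user_id, STEP7)
    if option == 1:
        # Assumption: the AGW *is* the LAAA function and keeps the full store.
        held = {"SRNC": srnc, "AGW": laaa.store[user_id]}
    else:
        agw = laaa.on_agw_request(user_id)
        held = {"SRNC": srnc, "AGW": agw, "LAAA": laaa.store[user_id]}
    return {node: set(attrs) for node, attrs in held.items()}


if __name__ == "__main__":
    for opt in (1, 2):
        for node, names in run(opt).items():
            print(f"Option {opt} {node}: {sorted(names)}")
```

In this model the SRNC receives the same three attributes in both options, while the MSK and DSRK reach the AGW only in Option 1; in Option 2 they stay at the LAAA.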
7
Recommendations
• Review and discuss which option should be adopted
• Stage 3 will follow up