Data Objects and Message Types
49th IETF
AAAarch Research Group
David Spence
Interlink Networks
Message Types
• Service request/reply
• Authorization request/reply
• Solicit Service Offer request/reply
• Authentication request/reply
• Authentication Challenge request/reply
• Policy request/reply
• Policy Evaluation request/reply
• Data request/reply
• Event Log indication/confirmation
• Accounting indication/confirmation
• Service (session) Configuration indication/confirmation
• Service (session) Management indication/confirmation
• Capability request/reply (supports resource discovery)
Top Level Objects
• Identity
• Authentication Data
• Authentication Challenge
• Service Data
• Service Offer
• Answer
• Error
• Policy
• Policy Reference
• Policy Data
• Configuration Data
• Service Management
• Accounting
• Event
• Capability
Relation of Objects to Message Types
Service request/reply
• A Service Request is a request to provide some service. It may be passed through a chain of AAA entities depending on whether the push, pull, or agent model is being used. Implicit in a request for service is a request for authentication and authorization. Typical top level objects carried in a Service Request include:
– Identity
– Authentication Data
– Service Data or Service Specification Policy
– Policy Data
• A Service Reply is returned back down the chain. It may be positive or negative. If positive, it might contain objects such as:
– Answer (= Yes)
– Service Data (the negotiated service parameters)
– Configuration Data (to be sent to the service equipment)
• If the reply is negative it might contain objects such as:
– Answer (= No)
– Error
– Service Offer
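Added illustration of the Service request/reply exchange above (example code, not part of the presentation): a toy Service Provider AAA server that checks the request carries the objects listed, authenticates the identity, authorizes and negotiates the requested service, and builds the positive or negative reply. The object names follow the slides; the dict-based message layout, the Answer values "Yes"/"No", the credential store and the service table are assumptions for illustration.

```python
"""Added example, not from the AAAarch slides: a toy Service Provider AAA
server handling the Service request/reply exchange. Object names follow the
slides; the dict-based message layout, the Answer values "Yes"/"No", the
credential store and the service table are assumptions for illustration."""
import hmac
from dataclasses import dataclass, field

# Objects a Service Request must carry (from the slide); the service itself
# is described either by Service Data or by a Service Specification Policy.
SERVICE_REQUEST_REQUIRED = {"Identity", "Authentication Data"}
SERVICE_REQUEST_ONE_OF = {"Service Data", "Service Specification Policy"}

# Constructed sample data: shared secrets per identity and supported services.
CREDENTIALS = {"alice": "correct horse", "bob": "battery staple"}
SUPPORTED_SERVICES = {"dialin": {"max_kbps": 56}, "vpn": {"max_kbps": 1500}}


@dataclass
class Message:
    msg_type: str
    objects: dict = field(default_factory=dict)


def validate_service_request(msg):
    """Return a list of problems; an empty list means the request is well formed."""
    problems = []
    if msg.msg_type != "Service Request":
        problems.append(f"unexpected message type {msg.msg_type!r}")
    present = set(msg.objects)
    for name in sorted(SERVICE_REQUEST_REQUIRED - present):
        problems.append(f"missing {name}")
    if not SERVICE_REQUEST_ONE_OF & present:
        problems.append("missing Service Data or Service Specification Policy")
    return problems


def handle_service_request(msg):
    """Authenticate and authorize the request, then build the Service Reply."""
    problems = validate_service_request(msg)
    if problems:
        return Message("Service Reply", {"Answer": "No", "Error": "; ".join(problems)})

    # Authentication: constant-time compare against the stored secret; an
    # unknown identity gets the same error as a wrong secret.
    identity = msg.objects["Identity"]
    expected = CREDENTIALS.get(identity, "").encode()
    supplied = str(msg.objects["Authentication Data"]).encode()
    if identity not in CREDENTIALS or not hmac.compare_digest(expected, supplied):
        return Message("Service Reply", {"Answer": "No", "Error": "authentication failed"})

    # Authorization against the service table (the slide's Service Data route;
    # a Service Specification Policy would be evaluated instead).
    wanted = msg.objects.get("Service Data")
    if not isinstance(wanted, dict):
        return Message("Service Reply", {"Answer": "No",
                                         "Error": "policy-described services not supported here"})
    service = SUPPORTED_SERVICES.get(wanted.get("service"))
    if service is None:
        # A negative reply may carry a Service Offer listing what is supported.
        return Message("Service Reply", {"Answer": "No", "Error": "unknown service",
                                         "Service Offer": sorted(SUPPORTED_SERVICES)})

    # Negotiate: never echo the requested parameters back unclamped.
    kbps = min(int(wanted.get("kbps", service["max_kbps"])), service["max_kbps"])
    negotiated = {"service": wanted["service"], "kbps": kbps}
    return Message("Service Reply", {
        "Answer": "Yes",
        "Service Data": negotiated,                       # negotiated parameters
        "Configuration Data": {"rate_limit_kbps": kbps},  # for the service equipment
    })
```

The point to notice is that the Service Data in a positive reply is what the server decided, not what the client asked for: a request for 128 kbps on a 56 kbps service comes back clamped, and the Configuration Data sent to the equipment is derived from that negotiated value.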
Authorization request/reply
• An Authorization Request seeks to know if a specified service is authorized. Typical top level objects include:
– Identity
– Service Data or Service Specification Policy
– Policy Data
• An Authorization Reply might contain:
– Answer
– Error
Solicit Service Offer request/reply
• A Solicit Service Offer Request is sent to discover what service parameters are supported by a service provider. It may be sent through a broker. It might contain the following object to indicate in broadest terms what type of service is of interest:
– Service Data
• The Solicit Service Offer Reply would contain the following object:
– Service Offer
Authentication request/reply
• An Authentication Request is sent to an AAA server to request it to authenticate a user or to forward the request to an AAA server that can. The Authentication Request might contain:
– Identity
– Authentication Data
• The Authentication Reply might simply contain:
– Answer
Authentication Challenge request/reply
• The Authentication Challenge Request is sent toward a user to support challenge type authentication algorithms. It would contain the following object:
– Authentication Challenge
• The Authentication Challenge Reply would contain:
– Authentication Data
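Added illustration of the Authentication Challenge request/reply exchange above (example code, not part of the presentation): both sides of a challenge-response round trip, with the server side enforcing the properties a challenge needs to be useful. The slides name only the two objects; the HMAC-SHA256 response algorithm, the 30-second lifetime, the message layout and the shared secrets are assumptions for illustration.

```python
"""Added example, not from the AAAarch slides: the Authentication Challenge
request/reply exchange with an HMAC-SHA256 challenge-response. The slides
name the two objects only; the algorithm, the message layout, the lifetime
and the shared secrets are assumptions for illustration."""
import hashlib
import hmac
import secrets
import time


def compute_response(identity, shared_secret, challenge):
    """Authentication Data = HMAC(secret, identity || challenge). Binding the
    identity into the MAC stops a response being reused for another user."""
    return hmac.new(shared_secret, identity.encode() + challenge, hashlib.sha256).digest()


class ChallengeServer:
    def __init__(self, shared_secrets, max_age=30.0):
        self.shared_secrets = shared_secrets   # identity -> secret bytes (constructed)
        self.max_age = max_age                 # seconds a challenge stays valid (assumed)
        self.pending = {}                      # identity -> (challenge, issued_at)

    def challenge_request(self, identity):
        """Authentication Challenge Request carrying a fresh, unpredictable challenge."""
        challenge = secrets.token_bytes(16)
        self.pending[identity] = (challenge, time.monotonic())
        return {"type": "Authentication Challenge Request",
                "Authentication Challenge": challenge}

    def verify_reply(self, identity, reply):
        """Check the Authentication Data in the Authentication Challenge Reply.
        The challenge is single-use (popped on first use) and expires after max_age."""
        entry = self.pending.pop(identity, None)
        if entry is None:
            return False                       # no outstanding challenge, or already used
        challenge, issued_at = entry
        if time.monotonic() - issued_at > self.max_age:
            return False
        secret = self.shared_secrets.get(identity)
        if secret is None:
            return False
        supplied = reply.get("Authentication Data")
        if not isinstance(supplied, bytes):
            return False
        expected = compute_response(identity, secret, challenge)
        return hmac.compare_digest(expected, supplied)


def user_reply(identity, shared_secret, request):
    """User side: answer the challenge with the Authentication Data object."""
    challenge = request["Authentication Challenge"]
    return {"type": "Authentication Challenge Reply",
            "Authentication Data": compute_response(identity, shared_secret, challenge)}
```

Three checks carry the security of the exchange: the challenge comes from a CSPRNG so a reply cannot be precomputed, it is removed from the pending table on first use so a captured reply cannot be replayed, and the identity is mixed into the MAC so a reply computed for one user is worthless for another.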
Policy request/reply
• The Policy Request is sent to an AAA server to obtain a remote policy. It would contain:
– Policy Reference
• The Policy Reply would contain:
– Policy
Policy Evaluation request/reply
• The Policy Evaluation Request is sent to an AAA server to request it to evaluate a policy. It would contain:
– Policy, or
– Policy Reference, and possibly
– Policy Data
• Policy Evaluation Reply would contain:
– Answer
– Service Data (optional)
– Configuration Data (optional)
Data request/reply
• A Data Request is sent to retrieve policy data from a remote AAA server. It would contain the following object to specify the data elements it wants to retrieve. However, no data values would be given:
– Policy Data
• The reply would return the object with the values filled in:
– Policy Data
Event Log indication/confirmation
• An Event Log Indication is sent to request another AAA server to log an event. It contains:
– Event
• The Event Log Confirmation contains:
– Answer
– Error (if Answer=No)
Accounting indication/confirmation
• An Accounting Indication is sent to an Accounting server. It may be forwarded through a proxy or broker. It contains:
– Accounting
• An Accounting Confirmation is returned to indicate that the accounting data has been committed to stable storage. It contains:
– Answer
– Error (if Answer=No)
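Added illustration of the Accounting indication/confirmation semantics above (example code, not part of the presentation): an Accounting server that returns a positive confirmation only after the Accounting object has been written and fsynced, and a negative confirmation with an Error object otherwise. The JSON-lines log format, the message layout and the file paths are assumptions for illustration.

```python
"""Added example, not from the AAAarch slides: an Accounting server that only
returns a positive Accounting Confirmation once the Accounting object is on
stable storage. The JSON-lines log, the message layout and the file paths
are assumptions for illustration."""
import json
import os
import tempfile

# Constructed paths: a writable log, and a path that cannot be opened (a path
# "below" a regular file) to exercise the negative confirmation.
EXAMPLE_LOG = os.path.join(tempfile.gettempdir(), "aaa_accounting_example.jsonl")
UNWRITABLE_LOG = os.path.join(EXAMPLE_LOG, "nested.jsonl")


def handle_accounting_indication(indication, log_path=EXAMPLE_LOG):
    """Append the Accounting object to the log, fsync, and only then confirm."""
    record = indication.get("Accounting")
    if not isinstance(record, dict):
        return {"type": "Accounting Confirmation", "Answer": "No",
                "Error": "missing or malformed Accounting object"}
    try:
        with open(log_path, "a", encoding="utf-8") as f:
            f.write(json.dumps(record, sort_keys=True) + "\n")
            f.flush()
            os.fsync(f.fileno())   # do not confirm data the kernel could still lose
    except OSError as exc:
        # Negative confirmation: the sender should retry, not discard the record.
        return {"type": "Accounting Confirmation", "Answer": "No", "Error": str(exc)}
    return {"type": "Accounting Confirmation", "Answer": "Yes"}


def last_record(log_path=EXAMPLE_LOG):
    """Read back the most recently committed Accounting object (None if empty)."""
    try:
        with open(log_path, encoding="utf-8") as f:
            lines = f.read().splitlines()
    except FileNotFoundError:
        return None
    return json.loads(lines[-1]) if lines else None
```

A confirmation sent before the fsync would let a crash silently drop billable records while the client, having seen Answer=Yes, stops retransmitting; ordering the write, the fsync and the confirmation as shown is what "committed to stable storage" buys.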
Service Configuration indication/confirmation
• A Service Configuration Indication may be sent to a Service Provider to suggest configuration parameters for the service to be provided. It contains:
– Configuration Data
• A Service Configuration Confirmation contains:
– Answer
– Error (if Answer=No)
• Note: Is Service Configuration really needed or will Service request/reply suffice?
Service Management indication/confirmation
• The Service Management Indication is sent to the Service Provider AAA Server to manage a service pending or in progress. It may contain the following objects:
– Service Management
– Service Data (optional)
– Configuration Data (optional)
• Management operations include:
– Service termination
– Modifying service parameters
• The Service Management Confirmation contains:
– Answer
– Error (if Answer=No)
Capability request/reply
• The Capability Request seeks to discover the capabilities or roles of an AAA server. It contains:
– Capability
• The Capability Reply contains:
– Capability