Data Objects and Message Types
49th IETF
AAAarch Research Group
David Spence
Interlink Networks
Message Types
• Service request/reply
• Authorization request/reply
• Solicit Service Offer request/reply
• Authentication request/reply
• Authentication Challenge request/reply
• Policy request/reply
• Policy Evaluation request/reply
• Data request/reply
• Event Log indication/confirmation
• Accounting indication/confirmation
• Service (session) Configuration indication/confirmation
• Service (session) Management indication/confirmation
• Capability request/reply (supports resource discovery)
Top Level Objects
• Identity
• Authentication Data
• Authentication Challenge
• Service Data
• Service Offer
• Answer
• Error
• Policy
• Policy Reference
• Policy Data
• Configuration Data
• Service Management
• Accounting
• Event
• Capability
Relation of Objects to Message Types
Service request/reply
• A Service Request is a request to provide some service. It may be passed through a chain of AAA entities depending on whether the push, pull, or agent model is being used. Implicit in a request for service is a request for authentication and authorization. Typical top level objects carried in a Service Request include:
– Identity
– Authentication Data
– Service Data or Service Specification Policy
– Policy Data
• A Service Reply is returned back down the chain. It may be positive or negative. If positive, it might contain objects such as:
– Answer (= Yes)
– Service Data (the negotiated service parameters)
– Configuration Data (to be sent to the service equipment)
• If the reply is negative it might contain objects such as:
– Answer (= No)
– Error
– Service Offer
Authorization request/reply
• An Authorization Request seeks to know if a specified service is authorized. Typical top level objects include:
– Identity
– Service Data or Service Specification Policy
– Policy Data
• An Authorization Reply might contain:
– Answer
– Error
Solicit Service Offer request/reply
• A Solicit Service Offer Request is sent to discover what service parameters are supported by a service provider. It may be sent through a broker. It might contain the following object to indicate in broadest terms what type of service is of interest:
– Service Data
• The Solicit Service Offer Reply would contain the following object:
– Service Offer
Authentication request/reply
• An Authentication Request is sent to an AAA server to request it to authenticate a user or to forward the request to an AAA server that can. The Authentication Request might contain:
– Identity
– Authentication Data
• The Authentication Reply might simply contain:
– Answer
Authentication Challenge request/reply
• The Authentication Challenge Request is sent toward a user to support challenge type authentication algorithms. It would contain the following object:
– Authentication Challenge
• The Authentication Challenge Reply would contain:
– Authentication Data
Policy request/reply
• The Policy Request is sent to an AAA server to obtain a remote policy. It would contain:
– Policy Reference
• The Policy Reply would contain:
– Policy
Policy Evaluation request/reply
• The Policy Evaluation Request is sent to an AAA server to request it to evaluate a policy. It would contain:
– Policy, or
– Policy Reference, and possibly
– Policy Data
• The Policy Evaluation Reply would contain:
– Answer
– Service Data (optional)
– Configuration Data (optional)
Data request/reply
• A Data Request is sent to retrieve policy data from a remote AAA server. It would contain the following object to specify the data elements it wants to retrieve. However, no data values would be given:
– Policy Data
• The reply would return the object with the values filled in:
– Policy Data
Event Log indication/confirmation
• An Event Log Indication is sent to request another AAA server to log an event. It contains:
– Event
• The Event Log Confirmation contains:
– Answer
– Error (if Answer=No)
Accounting indication/confirmation
• An Accounting Indication is sent to an Accounting server. It may be forwarded through a proxy or broker. It contains:
– Accounting
• An Accounting Confirmation is returned to indicate that the accounting data has been committed to stable storage. It contains:
– Answer
– Error (if Answer=No)
Service Configuration indication/confirmation
• A Service Configuration Indication may be sent to a Service Provider to suggest configuration parameters for the service to be provided. It contains:
– Configuration Data
• A Service Configuration Confirmation contains:
– Answer
– Error (if Answer=No)
• Note: Is Service Configuration really needed or will Service request/reply suffice?
Service Management indication/confirmation
• The Service Management Indication is sent to the Service Provider AAA Server to manage a service pending or in progress. It may contain the following objects:
– Service Management
– Service Data (optional)
– Configuration Data (optional)
• Management operations include:
– Service termination
– Modifying service parameters
• The Service Management Confirmation contains:
– Answer
– Error (if Answer=No)
Capability request/reply
• The Capability Request seeks to discover the capabilities or roles of an AAA server. It contains:
– Capability
• The Capability Reply contains:
– Capability
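
The object-to-message relations above can be enforced at a receiving AAA server as an allow-list on top-level objects. The sketch below is an added example, not part of the original slides: it checks the conditional cases (Error only when Answer=No, the positive versus negative Service Reply, and Policy versus Policy Reference). The dict message shape, the strict reading of "might contain", and the exactly-one reading of "Policy, or Policy Reference" are assumptions.

```python
# Object names come from the slides; the dict message shape and the strict
# allow-list interpretation are assumptions of this example.
CONFIRMATIONS = {"Event Log Confirmation", "Accounting Confirmation",
                 "Service Configuration Confirmation",
                 "Service Management Confirmation"}
SERVICE_REPLY_YES = {"Answer", "Service Data", "Configuration Data"}
SERVICE_REPLY_NO = {"Answer", "Error", "Service Offer"}


def validate(msg_type, objects):
    """Return a list of problems; an empty list means the message is accepted.

    objects maps top-level object name -> value (constructed shape)."""
    names = set(objects)
    problems = []
    answer = objects.get("Answer")

    if msg_type in CONFIRMATIONS or msg_type == "Service Reply":
        if answer not in ("Yes", "No"):
            return ["Answer must be present and be Yes or No"]

    if msg_type in CONFIRMATIONS:
        # Error accompanies a confirmation only when Answer=No.
        allowed = {"Answer", "Error"} if answer == "No" else {"Answer"}
    elif msg_type == "Service Reply":
        allowed = SERVICE_REPLY_YES if answer == "Yes" else SERVICE_REPLY_NO
    elif msg_type == "Policy Evaluation Request":
        allowed = {"Policy", "Policy Reference", "Policy Data"}
        # "Policy, or Policy Reference": read here as exactly one of the two.
        if len(names & {"Policy", "Policy Reference"}) != 1:
            problems.append("need exactly one of Policy / Policy Reference")
    else:
        return [f"unknown message type: {msg_type}"]

    for extra in sorted(names - allowed):
        problems.append(f"{extra} not allowed in {msg_type}")
    return problems


# Constructed sample messages.
SAMPLES = [
    ("Accounting Confirmation", {"Answer": "Yes"}),
    ("Accounting Confirmation", {"Answer": "Yes", "Error": "disk full"}),
    ("Service Reply", {"Answer": "No", "Configuration Data": {"vlan": 12}}),
    ("Policy Evaluation Request", {"Policy": "p", "Policy Reference": "ref"}),
]

if __name__ == "__main__":
    for msg_type, objects in SAMPLES:
        print(msg_type, "->", validate(msg_type, objects) or "ok")
```

The third sample is the case worth catching in practice: a negative Service Reply that still carries Configuration Data destined for the service equipment.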