Data Objects and Message Types
49th IETF AAAarch Research Group
David Spence, Interlink Networks

Message Types
• Service request/reply
• Authorization request/reply
• Solicit Service Offer request/reply
• Authentication request/reply
• Authentication Challenge request/reply
• Policy request/reply
• Policy Evaluation request/reply
• Data request/reply
• Event Log indication/confirmation
• Accounting indication/confirmation
• Service (session) Configuration indication/confirmation
• Service (session) Management indication/confirmation
• Capability request/reply (supports resource discovery)

Top Level Objects
• Identity
• Authentication Data
• Authentication Challenge
• Service Data
• Service Offer
• Answer
• Error
• Policy
• Policy Reference
• Policy Data
• Configuration Data
• Service Management
• Accounting
• Event
• Capability

Service request/reply
• A Service Request is a request to provide some service. It may be passed through a chain of AAA entities, depending on whether the push, pull, or agent model is being used. Implicit in a request for service is a request for authentication and authorization. Typical top level objects carried in a Service Request include:
  • Identity
  • Authentication Data
  • Service Data or Service Specification Policy
  • Policy Data
• A Service Reply is returned down the chain. It may be positive or negative. If positive, it might contain objects such as:
  • Answer (= Yes)
  • Service Data (the negotiated service parameters)
  • Configuration Data (to be sent to the service equipment)
• If the reply is negative, it might contain objects such as:
  • Answer (= No)
  • Error
  • Service Offer
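
The Service request/reply exchange above, as an added example that is not part of the slides or of any AAAarch implementation: a Python model of the top level objects, a schema check that a message carries only the objects the slides list for it, and a pull-model chain in which a proxy forwards the request to the user's home AAA server and the reply comes back down. The slides specify no wire format or algorithms, so the dict encoding, the single proxy, the requirement that Identity be present, the shared-secret check, and the sample user and bandwidth values are all assumptions made here for illustration.

```python
"""Added example, not from the AAAarch slides. Models the top level objects and
the Service request/reply exchange with a schema check and a pull-model chain.
Assumed: dict encoding, one proxy in front of the home AAA server, Identity
mandatory in a Service Request, and the constructed user/service data below."""
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Top level objects, as listed on the "Top Level Objects" slide.
TOP_LEVEL_OBJECTS: Set[str] = {
    "Identity", "Authentication Data", "Authentication Challenge", "Service Data",
    "Service Offer", "Answer", "Error", "Policy", "Policy Reference", "Policy Data",
    "Configuration Data", "Service Management", "Accounting", "Event", "Capability",
}
# Objects the slide lists for a Service Request and for a Service Reply.
SERVICE_REQUEST_OBJECTS = {"Identity", "Authentication Data", "Service Data", "Policy", "Policy Data"}
SERVICE_REPLY_OBJECTS = {"Answer", "Service Data", "Configuration Data", "Error", "Service Offer"}

# Constructed sample data (assumption): one user with a shared secret, one
# service parameter with the values the provider supports.
USERS = {"alice": "s3cret"}
OFFERED_BANDWIDTH_KBPS = [64, 128, 256]


@dataclass
class Message:
    kind: str                                        # e.g. "Service Request"
    objects: Dict[str, object] = field(default_factory=dict)
    hops: List[str] = field(default_factory=list)    # AAA entities traversed


def validate(msg: Message, allowed: Set[str], required: Set[str] = frozenset()) -> List[str]:
    """Return the list of schema problems; an empty list means the message is well formed."""
    problems = []
    for name in msg.objects:
        if name not in TOP_LEVEL_OBJECTS:
            problems.append(f"unknown top level object {name!r}")
        elif name not in allowed:
            problems.append(f"{name!r} not permitted in {msg.kind}")
    for name in sorted(set(required) - set(msg.objects)):
        problems.append(f"{msg.kind} missing {name!r}")
    return problems


def home_server(req: Message) -> Message:
    """User's home AAA server: authenticates and authorizes (both implicit in a
    Service Request), then answers Yes with negotiated parameters, or No with an
    Error plus a Service Offer when the requested parameters were the problem."""
    identity = str(req.objects.get("Identity", ""))
    secret = USERS.get(identity)
    presented = str(req.objects.get("Authentication Data", ""))
    if secret is None or not hmac.compare_digest(secret.encode(), presented.encode()):
        return Message("Service Reply", {"Answer": "No", "Error": "authentication failed"})
    wanted = req.objects.get("Service Data") or {}
    bw = wanted.get("bandwidth_kbps")
    if bw not in OFFERED_BANDWIDTH_KBPS:
        return Message("Service Reply", {
            "Answer": "No", "Error": "unsupported service parameters",
            "Service Offer": {"bandwidth_kbps": OFFERED_BANDWIDTH_KBPS}})
    return Message("Service Reply", {
        "Answer": "Yes",
        "Service Data": {"bandwidth_kbps": bw},           # negotiated parameters
        "Configuration Data": {"rate_limit_kbps": bw}})   # for the service equipment


def proxy(req: Message, upstream: Callable[[Message], Message]) -> Message:
    """Pull-model hop: forward the request up the chain, return the reply down it."""
    req.hops.append("proxy")
    reply = upstream(req)
    reply.hops.append("proxy")
    return reply


def send_service_request(identity: str, auth_data: str, service_data: dict) -> Message:
    """Service equipment side: build and check the request, send it, check the reply."""
    req = Message("Service Request", {"Identity": identity,
                                      "Authentication Data": auth_data,
                                      "Service Data": service_data})
    problems = validate(req, SERVICE_REQUEST_OBJECTS, required={"Identity"})
    if problems:
        raise ValueError(problems)
    reply = proxy(req, home_server)
    problems = validate(reply, SERVICE_REPLY_OBJECTS, required={"Answer"})
    if problems:
        raise ValueError(problems)
    return reply


if __name__ == "__main__":
    for auth, svc in (("s3cret", {"bandwidth_kbps": 128}),
                      ("wrong", {"bandwidth_kbps": 128}),
                      ("s3cret", {"bandwidth_kbps": 999})):
        print(send_service_request("alice", auth, svc).objects)
```

The schema check is applied on both sides of the exchange: the service equipment refuses to send a request that carries an object the message type does not define, and refuses to act on a reply without an Answer, which keeps a misrouted or malformed message from being silently treated as a grant.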

Authorization request/reply
• An Authorization Request seeks to know if a specified service is authorized. Typical top level objects include:
  • Identity
  • Service Data or Service Specification Policy
  • Policy Data
• An Authorization Reply might contain:
  • Answer
  • Error

Solicit Service Offer request/reply
• A Solicit Service Offer Request is sent to discover what service parameters are supported by a service provider. It may be sent through a broker. It might contain the following object, to indicate in the broadest terms what type of service is of interest:
  • Service Data
• The Solicit Service Offer Reply would contain the following object:
  • Service Offer

Authentication request/reply
• An Authentication Request is sent to an AAA server to request that it authenticate a user, or forward the request to an AAA server that can. The Authentication Request might contain:
  • Identity
  • Authentication Data
• The Authentication Reply might simply contain:
  • Answer

Authentication Challenge request/reply
• The Authentication Challenge Request is sent toward a user to support challenge-type authentication algorithms. It would contain the following object:
  • Authentication Challenge
• The Authentication Challenge Reply would contain:
  • Authentication Data
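
One challenge-type exchange built from the Authentication Challenge request/reply pair above, finished with an Authentication Reply carrying an Answer, as an added example that is not part of the slides. The slide names no algorithm, so the random nonce used as the challenge, the HMAC-SHA256 response keyed with a shared secret and bound to the Identity, the one-use store of outstanding nonces, and the sample secret are assumptions made here; the point the example demonstrates is that the server consumes the nonce before checking the reply, so a captured reply cannot be replayed.

```python
"""Added example, not from the AAAarch slides: one challenge-type authentication
exchange built from the Authentication Challenge request/reply pair, finished
with an Authentication Reply carrying an Answer. Assumed (the slide names no
algorithm): a random nonce as the challenge, HMAC-SHA256 over nonce||identity
keyed with a shared secret as the Authentication Data, and one use per nonce."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

SECRETS: Dict[str, bytes] = {"alice": b"shared-secret-alice"}   # constructed sample data


def response_for(identity: str, secret: bytes, nonce: bytes) -> bytes:
    """Authentication Data for a challenge. Binding the identity into the MAC
    means a reply captured for one user is not valid for another."""
    return hmac.new(secret, nonce + identity.encode(), hashlib.sha256).digest()


class ChallengeServer:
    def __init__(self) -> None:
        self._outstanding: Dict[str, bytes] = {}   # identity -> nonce awaiting its reply

    def challenge_request(self, identity: str) -> dict:
        """Authentication Challenge Request, sent toward the user."""
        nonce = os.urandom(16)
        self._outstanding[identity] = nonce
        return {"type": "Authentication Challenge Request",
                "Authentication Challenge": nonce}

    def challenge_reply(self, identity: str, reply: dict) -> dict:
        """Consume an Authentication Challenge Reply and answer with an
        Authentication Reply. The nonce is removed first, so a second copy of
        the same reply (a replay) is refused even though its MAC is valid."""
        nonce = self._outstanding.pop(identity, None)
        secret = SECRETS.get(identity)
        presented = reply.get("Authentication Data", b"")
        if nonce is None or secret is None or not isinstance(presented, bytes):
            return {"type": "Authentication Reply", "Answer": "No"}
        ok = hmac.compare_digest(response_for(identity, secret, nonce), presented)
        return {"type": "Authentication Reply", "Answer": "Yes" if ok else "No"}


def user_reply(identity: str, secret: bytes, challenge: dict) -> dict:
    """User side: Authentication Challenge Reply carrying Authentication Data."""
    nonce = challenge["Authentication Challenge"]
    return {"type": "Authentication Challenge Reply",
            "Authentication Data": response_for(identity, secret, nonce)}


def run_exchange(identity: str, secret: bytes,
                 server: Optional[ChallengeServer] = None) -> Tuple[dict, dict]:
    """Full exchange; returns (Authentication Reply, the user's challenge reply)."""
    server = server or ChallengeServer()
    challenge = server.challenge_request(identity)
    reply = user_reply(identity, secret, challenge)
    return server.challenge_reply(identity, reply), reply


if __name__ == "__main__":
    srv = ChallengeServer()
    answer, reply = run_exchange("alice", SECRETS["alice"], srv)
    print(answer["Answer"], srv.challenge_reply("alice", reply)["Answer"])
```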

Policy request/reply
• The Policy Request is sent to an AAA server to obtain a remote policy. It would contain:
  • Policy Reference
• The Policy Reply would contain:
  • Policy

Policy Evaluation request/reply
• The Policy Evaluation Request is sent to an AAA server to request that it evaluate a policy. It would contain:
  • Policy, or
  • Policy Reference, and possibly
  • Policy Data
• The Policy Evaluation Reply would contain:
  • Answer
  • Service Data (optional)
  • Configuration Data (optional)

Data request/reply
• A Data Request is sent to retrieve policy data from a remote AAA server. It contains the following object, naming the data elements to be retrieved but carrying no data values:
  • Policy Data
• The Data Reply returns the same object with the values filled in:
  • Policy Data

Event Log indication/confirmation
• An Event Log Indication is sent to request that another AAA server log an event. It contains:
  • Event
• The Event Log Confirmation contains:
  • Answer
  • Error (if Answer = No)

Accounting indication/confirmation
• An Accounting Indication is sent to an Accounting server. It may be forwarded through a proxy or broker. It contains:
  • Accounting
• An Accounting Confirmation is returned to indicate that the accounting data has been committed to stable storage. It contains:
  • Answer
  • Error (if Answer = No)
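
The Accounting indication/confirmation rule above, that the confirmation means the data has reached stable storage, as an added example that is not part of the slides: a small Accounting server that fsyncs the record before it answers Yes, and answers No with an Error object when the Accounting object is missing or the write fails. The slide specifies no encoding, so the JSON-lines log file, the sample records, and the error texts are assumptions made here.

```python
"""Added example, not from the AAAarch slides: an Accounting server that sends
the Accounting Confirmation only after the Accounting object has reached stable
storage, and answers No with an Error object when it cannot. Assumed (the slide
specifies no encoding): records are appended as JSON lines and fsync'd."""
import json
import os
import tempfile
from typing import List, Tuple


class AccountingServer:
    def __init__(self, path: str) -> None:
        self.path = path

    def accounting_indication(self, indication: dict) -> dict:
        """Handle an Accounting Indication; return the Accounting Confirmation."""
        record = indication.get("Accounting")
        if not isinstance(record, dict):
            return {"type": "Accounting Confirmation", "Answer": "No",
                    "Error": "missing Accounting object"}
        try:
            with open(self.path, "a", encoding="utf-8") as f:
                f.write(json.dumps(record, sort_keys=True) + "\n")
                f.flush()
                os.fsync(f.fileno())   # durable before we confirm; a crash after
                                       # this point does not lose the record
        except OSError as exc:
            # Nothing was committed, so the sender must not treat it as stored.
            return {"type": "Accounting Confirmation", "Answer": "No",
                    "Error": f"commit failed: {exc.strerror}"}
        return {"type": "Accounting Confirmation", "Answer": "Yes"}

    def records(self) -> List[dict]:
        """Everything committed so far, in arrival order."""
        with open(self.path, encoding="utf-8") as f:
            return [json.loads(line) for line in f]


def demo() -> Tuple[dict, dict, dict, List[dict]]:
    """Constructed run: one good record, one indication without an Accounting
    object, and one server whose log directory does not exist."""
    workdir = tempfile.mkdtemp()
    srv = AccountingServer(os.path.join(workdir, "acct.log"))
    ok = srv.accounting_indication({"type": "Accounting Indication",
                                    "Accounting": {"session": "s1", "octets": 4096}})
    missing = srv.accounting_indication({"type": "Accounting Indication"})
    unwritable = AccountingServer(os.path.join(workdir, "nodir", "acct.log"))
    failed = unwritable.accounting_indication({"type": "Accounting Indication",
                                               "Accounting": {"session": "s2"}})
    return ok, missing, failed, srv.records()


if __name__ == "__main__":
    for item in demo():
        print(item)
```

A sender that forwards through a proxy or broker should keep the indication queued until it sees Answer = Yes; a No, or no confirmation at all, means the record may not exist anywhere and has to be resent.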

Service Configuration indication/confirmation
• A Service Configuration Indication may be sent to a Service Provider to suggest configuration parameters for the service to be provided. It contains:
  • Configuration Data
• A Service Configuration Confirmation contains:
  • Answer
  • Error (if Answer = No)
• Note: Is Service Configuration really needed, or will Service request/reply suffice?

Service Management indication/confirmation
• The Service Management Indication is sent to the Service Provider AAA Server to manage a service that is pending or in progress. It may contain the following objects:
  • Service Management
  • Service Data (optional)
  • Configuration Data (optional)
• Management operations include:
  • Service termination
  • Modifying service parameters
• The Service Management Confirmation contains:
  • Answer
  • Error (if Answer = No)

Capability request/reply
• The Capability Request seeks to discover the capabilities or roles of an AAA server. It contains:
  • Capability
• The Capability Reply contains:
  • Capability