[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Questions on RADIUS Extended attributes

To: radiusext@ops.ietf.org
Subject: Questions on RADIUS Extended attributes
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Tue, 15 Aug 2006 20:20:36 -0700
Bcc:

At IETF 66, we discussed how to extend the RADIUS attribute space. Theconsensus in the room as well as on the WG mailing list seems to be to focuson extending the space only, not adding functionality, along the lines thatAvi had proposed:


http://www.watersprings.org/pub/id/draft-lior-radius-attribute-type-extension-00.txt

During IETF 66, there was some sentiment that the RADIUS Extended attributeshould utilize a new RADIUS attribute value, rather than using a Vendor-Idvalue of zero (0) with the existing RADIUS VSA attribute (Type 26).

Taking that into account, find below a strawman proposal for what theExtended-Type attribute would look like.


Some questions:

a. Do we want an Extended-Type field of two or four octets? If it is fouroctets, this would seem to imply that RADIUS attributes and Diameter AVPsshare the same type space. Will this work? If it is two octets, we couldreserve 65535 values within the existing Diameter attribute space for RADIUSExtended-Type attributes. Opinions solicited.

b. Should the second length field include the Extended-Type field or not?If it is included and Extended-Type is 4 octets, then this implies that theValue field could only be 251 octets. If the second length field doesn'tinclude Extended-Type, it could be as long as 255 octets, but then we'd needto allow Extended-Type attributes to be split among multiple RADIUSattributes.

c. Should we allow multiple Extended-Type attributes to be placed inside asingle RADIUS attribute? This is OK for RADIUS VSAs, is there an issue here?



==================================================
Proposed Extended-Type Attribute Format


      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     Type      |    Length     |            Extended-Type
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             Extended-Type           |    Length2    |    Value...
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Type

        TBD  (not 26)

     Length

        >= 7

     Extended-Type

        Four octets.

        Values <= 255: Reserved
        Values > 255:  To be allocated by IANA

     Length2

        0-255 (doesn't include the Extended-Type field)

     Value

        0 or more octets as defined by the Length2 field.

     More than one RADIUS Extended-Type attribute may be included within
     a RADIUS attribute of Type TBD.  If more than one RADIUS attribute
     of Type TBD is included, then they are to be concatenated (allowing
     an Extended-Type attribute to be split between two RADIUS attributes).



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Questions on RADIUS Extended attributes
  - From: "Alan DeKok" <aland@nitros9.org>

Prev by Date: Possible Resolution to Issue 198: Attribute Concatenation/Splitting
Next by Date: Re: Questions on RADIUS Extended attributes
Previous by thread: Possible Resolution to Issue 198: Attribute Concatenation/Splitting
Next by thread: Re: Questions on RADIUS Extended attributes
Index(es):
- Date
- Thread