[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: QoS attributes



Ed:

Where did you see that COPS is being proposed to be used as an
authentication/authorization mechanisms? No one is saying this.

COPS and AAA are dealing with two different things. The implications of
John and my agreement are as follows:

1. AAA is used for authentication and authorization of all resources
including QoS.

2. COPS is used as a policy distribution protocol including QoS.

It would be interesting to see how COPS and AAA are used to complement
each other. We can write BCP drafts showing their use cases because I
believe that we do need any extensions in protocols to do so (e.g., you
have shown one way of doing it).

Hope this clarifies the things.

br,
Radhika

-----Original Message-----
From: Ed Van Horne [mailto:evh@cisco.com]
Sent: Wednesday, January 07, 2004 6:22 PM
To: Roy, Radhika R, ALABS; john.loughney@nokia.com
Cc: avi@bridgewatersystems.com; dnelson@enterasys.com;
radiusext@ops.ietf.org
Subject: RE: QoS attributes


I am not quite clear on how COPS is used as an authentication mechanism.
It seems to me that AAA is primarily about authentication (with
attributes, such as QoS, authorizing use of features by the session as a
whole) and COPS is about authorizing the features for the session on the
various network element that implement them. It is true that COPS needs
a way to determine the identity of the authorizer, but this would be the
'identity' of the AAA server, not the individual user.

Maybe that is what John meant, but it was not entirely clear to me.

Regards,
Ed

Ed Van Horne 
Building Broadband Solutions Unit - San Diego 
Cisco Systems 
10935 Vista Sorrento Parkway 
San Diego, CA 92130 
858.526.1152 


-----Original Message-----
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org]
On Behalf Of Roy, Radhika R, ALABS
Sent: Wednesday, January 07, 2004 12:47 PM
To: john.loughney@nokia.com
Cc: avi@bridgewatersystems.com; dnelson@enterasys.com;
radiusext@ops.ietf.org
Subject: RE: QoS attributes


Hi, John:

I agree with you completely.

Now, it provides a clear direction how we should proceed with QoS
attributes in AAA (RADIUS/DIAMETER).

More importantly, this shows how both AAA (RADIUS/DIAMETER) and COPS
complement each other.

br,
Radhika

-----Original Message-----
From: john.loughney@nokia.com [mailto:john.loughney@nokia.com]
Sent: Wednesday, January 07, 2004 6:23 AM
To: Roy, Radhika R, ALABS
Cc: avi@bridgewatersystems.com; dnelson@enterasys.com;
radiusext@ops.ietf.org
Subject: RE: QoS attributes


Radhika,

> I think that COPS is a policy protocol, and policies related
> to QOS can also be used for distribution and enforcements. 
> Similar may also be the case for security and accounting.

Agreed.
 
> However, DIAMETER/RADIUS is also used for authentication,
> authorization, and accounting (AAA).

Agreed.
 
> Here are the interesting points:
> 
> 1. COPS for policies of authentication, authorization, and
> accounting including QOS.

OK.
 
> 2. DIAMETER/RADIUS for offering actual services for
> authentication, authorization, and accounting including QoS.

This I am not so sure of.  I've always thought that Diameter / 
RADIUS can be used to authorize QoS services.  For example, if I've
subscribed to a service with Real-time QoS, Diameter could be used to
authorize my use of such a service.  If I request a service that I am
not allowed to, then the authorization would fail.

> In item 2, I am lacking clear wordings here.
> 
> The question is this: Can we not develop standards
> complementing both COPS and DIAMETER/RADIUS as they are also 
> a part of IETF standard protocols?

Taking a systematic view, I would think that AAA protocols can do the
authorization & accounting side of any QoS-aware services. COPS can be
used inside of the network to transport QoS policies to the enforcement
points, to ensure that QoS parameters are not exceded. 

John

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>