Radius-Geopriv: When to send location info?
hi all,
please take a look at the following issue raised by lionel and bernard:
[Lionel:]
- It is not described whether this location information will be included in
every access-request or only when some criteria are met e.g. based on a
given realm. It'd be interesting to spell out these criteria.
- If the use of location info in access-request could be optional, a COA
explicitly requesting this info (when not received in the initial
access-request) could be used by the Home RADIUS server.
How does the AAA server instruct the access network to send location
information attributes within the new Access-Request? Is there any specific
attribute in the COA indicating that the location information is requested?
Or do you assume that any Access-Request sent by the NAS will contain the
location information attribute and so case 1 and 2 are the same?
[Bernard:]
RFC 3576 does not use attributes in the CoA-Request in order to request
attributes in a subsequent Access-Request. Nor does it make sense to
include location attributes in a CoA-Request. The session to which the CoA
applies is not selected using location attributes, nor is the request that
the NAS change its location -- "Please move NAS17483 to Cleveland, Ohio."
[Avi]
I agree with Bernard, and we don't send location attributes to the NAS in
COA Request.
I think that the text is confusing:
"The COA message may instruct the access
network to generate an Authorize-Only Access-Request (Access-Request
with Service-Type set to "Authorize-Only") in which case it is
instructing the access network to send the location information
attributes."
Maybe we should say:
"The COA message may instruct the access
network to generate an Authorize-Only Access-Request (Access-Request
with Service-Type set to "Authorize-Only") in which case the NAS
MUST include the location information in this Access-Request."
[Bernard:]
Is there a way for the AAA server to indicate to the access network that the
request failed because the location information is missing?
[Lionel:]
See RFC 3576 Error-Cause attribute, value 402 (Missing Attribute)
[Avi]
I don't think that we can use the Error-Cause attribute. It is only
available in COA ACK/NAK messages. So the AAA has no way to tell the NAS
that it is missing the location attribute. I don't think that this
attribute can be placed in an Access-Reject message.
What do you think Bernard?
[hannes] to me it seems reasonable not to include location information with
every request. a visited network which knows that it has to send location
information to a particular home network might do so. i also think that it
would be good to have an error attribute to indicate that it was not
possible to authorize the user properly based on the missing location
information.
we have added the usage of the error-cause attribute. within the iana
section we need to register a new type:
"
15.2 Error-Cause Attribute
The authors also request that IANA assign a new value for the
Error-Cause attribute [5], of "Location-Info-Required" TBA.
"
minor text adjustments can be found within the recent draft version.
ciao
hannes
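
An added example, not part of the original message or the draft: a home-server check that applies the rule proposed above (an Authorize-Only Access-Request must carry location information) and answers with an Error-Cause when it does not. It assumes the Error-Cause is returned in an Access-Reject; the location attribute type and the "Location-Info-Required" value are placeholders because the thread gives no numbers for them.

```python
import hashlib
import struct

ACCESS_REQUEST, ACCESS_REJECT = 1, 3
SERVICE_TYPE, AUTHORIZE_ONLY = 6, struct.pack("!I", 17)  # RFC 3576 value
ERROR_CAUSE = 101                                        # RFC 3576 attribute
# Placeholders: the thread leaves both numbers unassigned ("TBA").
LOCATION_ATTR = 250                                      # hypothetical type
LOCATION_INFO_REQUIRED = struct.pack("!I", 0xFFFF)       # hypothetical value


def parse(packet):
    """Return (code, ident, authenticator, [(type, value)]); ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, packet[4:20], attrs


def build(code, ident, authenticator, attrs):
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def check_location(packet, secret):
    """Return None if the request may proceed, else Access-Reject bytes.
    Message-Authenticator validation is out of scope for this sketch."""
    code, ident, req_auth, attrs = parse(packet)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    has_location = any(t == LOCATION_ATTR and v for t, v in attrs)
    if (SERVICE_TYPE, AUTHORIZE_ONLY) not in attrs or has_location:
        return None  # location is only mandatory for Authorize-Only here
    cause = [(ERROR_CAUSE, LOCATION_INFO_REQUIRED)]
    # Response Authenticator (RFC 2865): MD5 of the reply built with the
    # Request Authenticator in place, followed by the shared secret.
    unsigned = build(ACCESS_REJECT, ident, req_auth, cause)
    return build(ACCESS_REJECT, ident, hashlib.md5(unsigned + secret).digest(), cause)


# Constructed sample requests (not captured traffic).
REQ_NO_LOCATION = build(ACCESS_REQUEST, 7, bytes(16), [(SERVICE_TYPE, AUTHORIZE_ONLY)])
REQ_WITH_LOCATION = build(ACCESS_REQUEST, 8, bytes(16), [(SERVICE_TYPE, AUTHORIZE_ONLY), (LOCATION_ATTR, b"constructed")])
```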