[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 238: Identification of multiple sessions

To: <radiusext@ops.ietf.org>
Subject: RE: Issue 238: Identification of multiple sessions
From: "David B. Nelson" <dnelson@elbrysnetworks.com>
Date: Mon, 4 Jun 2007 11:09:01 -0400
In-reply-to: <BAY117-W281D9895E4ECA0D30715293210@phx.gbl>
Organization: Elbrys Networks, Inc.
References: <BAY117-W281D9895E4ECA0D30715293210@phx.gbl>

> "
>      State changes resulting from a CoA-Request MUST be atomic: if the
>      CoA-Request is successful for all matching sessions, the Dynamic 
>      Authorization Server MUST send a CoA-ACK in reply, and all 
>      requested authorization changes MUST be made.  If the CoA-Request 
>      is unsuccessful for any matching sessions, a CoA-NAK MUST
>      be sent in reply, and the requested authorization changes MUST NOT
>      be made for any of the matching sessions.  Similarly, a state change 
>      MUST NOT occur as a result of a Disconnect-Request that is
>      Unsuccessful with respect to any of the matching sessions; a 
>      Dynamic Authorization Server MUST send a Disconnect-NAK in reply
>	if any of the matching sessions cannot be successfully terminated.
>"

That works. As I indicated in a previous reply, it leaves the Dynamic Access
Client wondering why it failed.  Since there may be a session that DAC
doesn't know about that is causing the failure, the DAC is left with only so
many options as to a course of corrective action.  It might retry the
request with a more specific set of session identification attributes.

I don't think solving this issue is within the scope of RFC3575bis, unless
we want to crate a new error code that indicates something about the session
that failed to be affected.

>" 
>   In Disconnect-Request and CoA-Request packets, certain attributes are
>   used to uniquely identify the NAS as well as user session(s) on the
>   NAS.  All NAS and session identification identification attributes 

s/identification identification/identification/

>   included in a CoA-Request or Disconnect-Request packet MUST match 
>   at least one session in order for a Request to be successful; otherwise 
>   a Disconnect-NAK or CoA-NAK MUST be sent.  If all NAS identification
>   attributes match and more than one session matches all of the 

s/match/match,/

>   session identification attributes, then a CoA-Request or Disconnect-
>   Request MUST apply to all matching sessions.
>
>   Identification attributes include NAS and session identification
>   attributes, as described below."


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Issue 238: Identification of multiple sessions
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

Prev by Date: RE: Proposed Resolution of Issue 234: Attribute Restriction
Next by Date: RE: Determining WG consensus on Issue 226: RFC 3576bis and Renumbering
Previous by thread: Issue 238: Identification of multiple sessions
Next by thread: RE: Issue 238: Identification of multiple sessions
Index(es):
- Date
- Thread