Mercurial > hg > ietf
comparison draft-ietf-dime-erp-05.xml @ 56:067a0092bb64
Fix version number
| author | Sebastien Decugis <sdecugis@nict.go.jp> |
|---|---|
| date | Fri, 22 Oct 2010 15:47:25 +0900 |
| parents | 4890fc91096d |
| children | b2ed5f2fcd30 |
comparison
equal
deleted
inserted
replaced
| 55:4890fc91096d | 56:067a0092bb64 |
|---|---|
| 22 <?rfc compact="yes"?> | 22 <?rfc compact="yes"?> |
| 23 <?rfc subcompact="no"?> | 23 <?rfc subcompact="no"?> |
| 24 <?rfc rfcedstyle="yes"?> | 24 <?rfc rfcedstyle="yes"?> |
| 25 <?rfc rfcprocack="no"?> | 25 <?rfc rfcprocack="no"?> |
| 26 <?rfc tocindent="yes"?> | 26 <?rfc tocindent="yes"?> |
| 27 <rfc category="std" docName="draft-ietf-dime-erp-04.txt" ipr="trust200902"> | 27 <rfc category="std" docName="draft-ietf-dime-erp-05.txt" ipr="trust200902"> |
| 28 <front> | 28 <front> |
| 29 <title abbrev="Diameter ERP Application">Diameter Support for the EAP | 29 <title abbrev="Diameter ERP Application">Diameter Support for the EAP |
| 30 Re-authentication Protocol (ERP)</title> | 30 Re-authentication Protocol (ERP)</title> |
| 31 | 31 |
| 32 <author fullname="Julien Bournelle" initials="J." surname="Bournelle"> | 32 <author fullname="Julien Bournelle" initials="J." surname="Bournelle"> |
| 405 operations: <list> | 405 operations: <list> |
| 406 <t>Set the Application Id back to Diameter ERP application Id | 406 <t>Set the Application Id back to Diameter ERP application Id |
| 407 (code TBD)</t> | 407 (code TBD)</t> |
| 408 | 408 |
| 409 <t>Extract and cache the content of the Key AVP with Key-Type set | 409 <t>Extract and cache the content of the Key AVP with Key-Type set |
| 410 to rRK, as described in implicit scenario. </t> | 410 to rRK, as described in implicit scenario.</t> |
| 411 </list> The ERP/DEA message is then forwarded to the authenticator, | 411 </list> The ERP/DEA message is then forwarded to the authenticator, |
| 412 that can use the rMSK as described in <xref target="RFC5296">RFC | 412 that can use the rMSK as described in <xref target="RFC5296">RFC |
| 413 5296</xref>. <vspace blankLines="1" /> The figure below captures this | 413 5296</xref>. <vspace blankLines="1" /> The figure below captures this |
| 414 proxy behavior: <figure align="center" anchor="FigExplicit" | 414 proxy behavior: <figure align="center" anchor="FigExplicit" |
| 415 title="ERP Explicit Bootstrapping Message Flow"> | 415 title="ERP Explicit Bootstrapping Message Flow"> |
| 492 <t hangText="FFS:"><vspace blankLines="0" /> What about | 492 <t hangText="FFS:"><vspace blankLines="0" /> What about |
| 493 Session-ID AVP ?</t> | 493 Session-ID AVP ?</t> |
| 494 </list></t> | 494 </list></t> |
| 495 | 495 |
| 496 <t>The Auth-Request-Type AVP content is set to [Editor's note: FFS | 496 <t>The Auth-Request-Type AVP content is set to [Editor's note: FFS |
| 497 -- cf. open issues]. </t> | 497 -- cf. open issues].</t> |
| 498 | 498 |
| 499 <t>The EAP-Payload AVP contains the EAP-Initiate/Re-Auth | 499 <t>The EAP-Payload AVP contains the EAP-Initiate/Re-Auth |
| 500 message.</t> | 500 message.</t> |
| 501 </list> Then this ERP/DER message is sent as described in <xref | 501 </list> Then this ERP/DER message is sent as described in <xref |
| 502 target="Overview"></xref>. <vspace blankLines="1" /> The ER server | 502 target="Overview"></xref>. <vspace blankLines="1" /> The ER server |
| 610 or do we use first Authenticate-Only with ER server, then | 610 or do we use first Authenticate-Only with ER server, then |
| 611 Authorize-Only with home domain (and in that case how does the ER | 611 Authorize-Only with home domain (and in that case how does the ER |
| 612 authenticator learn what the home domain is?)</t> | 612 authenticator learn what the home domain is?)</t> |
| 613 | 613 |
| 614 <t>how does the peer learn the ERP domain of the new authenticator | 614 <t>how does the peer learn the ERP domain of the new authenticator |
| 615 -- this is being addressed in HOKEY architecture draft; </t> | 615 -- this is being addressed in HOKEY architecture draft;</t> |
| 616 | 616 |
| 617 <t>how does the home server reachs the peer to for example terminate | 617 <t>how does the home server reachs the peer to for example terminate |
| 618 the session if there is no notification sent to the home domain;</t> | 618 the session if there is no notification sent to the home domain;</t> |
| 619 </list><vspace blankLines="1" /> Another issue concerns the case where | 619 </list><vspace blankLines="1" /> Another issue concerns the case where |
| 620 the home realm contains several EAP servers. In multi rounds full EAP | 620 the home realm contains several EAP servers. In multi rounds full EAP |