comparison draft-ietf-dime-erp-05.xml @ 56:067a0092bb64
Fix version number
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Fri, 22 Oct 2010 15:47:25 +0900 |
parents | 4890fc91096d |
children | b2ed5f2fcd30 |
comparison
55:4890fc91096d | 56:067a0092bb64 |
---|---|
22 <?rfc compact="yes"?> | 22 <?rfc compact="yes"?> |
23 <?rfc subcompact="no"?> | 23 <?rfc subcompact="no"?> |
24 <?rfc rfcedstyle="yes"?> | 24 <?rfc rfcedstyle="yes"?> |
25 <?rfc rfcprocack="no"?> | 25 <?rfc rfcprocack="no"?> |
26 <?rfc tocindent="yes"?> | 26 <?rfc tocindent="yes"?> |
27 <rfc category="std" docName="draft-ietf-dime-erp-04.txt" ipr="trust200902"> | 27 <rfc category="std" docName="draft-ietf-dime-erp-05.txt" ipr="trust200902"> |
28 <front> | 28 <front> |
29 <title abbrev="Diameter ERP Application">Diameter Support for the EAP | 29 <title abbrev="Diameter ERP Application">Diameter Support for the EAP |
30 Re-authentication Protocol (ERP)</title> | 30 Re-authentication Protocol (ERP)</title> |
31 | 31 |
32 <author fullname="Julien Bournelle" initials="J." surname="Bournelle"> | 32 <author fullname="Julien Bournelle" initials="J." surname="Bournelle"> |
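Review bot: the new docName on line 27 still carries the file extension (`docName="draft-ietf-dime-erp-05.txt"`). The docName is meant to be the draft name ending in the two-digit revision, so while this line is being touched I would suggest `docName="draft-ietf-dime-erp-05"`.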
405 operations: <list> | 405 operations: <list> |
406 <t>Set the Application Id back to Diameter ERP application Id | 406 <t>Set the Application Id back to Diameter ERP application Id |
407 (code TBD)</t> | 407 (code TBD)</t> |
408 | 408 |
409 <t>Extract and cache the content of the Key AVP with Key-Type set | 409 <t>Extract and cache the content of the Key AVP with Key-Type set |
410 to rRK, as described in implicit scenario. </t> | 410 to rRK, as described in implicit scenario.</t> |
411 </list> The ERP/DEA message is then forwarded to the authenticator, | 411 </list> The ERP/DEA message is then forwarded to the authenticator, |
412 that can use the rMSK as described in <xref target="RFC5296">RFC | 412 that can use the rMSK as described in <xref target="RFC5296">RFC |
413 5296</xref>. <vspace blankLines="1" /> The figure below captures this | 413 5296</xref>. <vspace blankLines="1" /> The figure below captures this |
414 proxy behavior: <figure align="center" anchor="FigExplicit" | 414 proxy behavior: <figure align="center" anchor="FigExplicit" |
415 title="ERP Explicit Bootstrapping Message Flow"> | 415 title="ERP Explicit Bootstrapping Message Flow"> |
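Review bot: line 410 changes only the whitespace before `</t>`, which the commit message "Fix version number" does not cover, and the same kind of change recurs at lines 497 and 615. Suggest moving the whitespace cleanup into its own commit, or mentioning it in the message, so that the version bump at line 27 is the only change a reader has to verify under this description.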
492 <t hangText="FFS:"><vspace blankLines="0" /> What about | 492 <t hangText="FFS:"><vspace blankLines="0" /> What about |
493 Session-ID AVP ?</t> | 493 Session-ID AVP ?</t> |
494 </list></t> | 494 </list></t> |
495 | 495 |
496 <t>The Auth-Request-Type AVP content is set to [Editor's note: FFS | 496 <t>The Auth-Request-Type AVP content is set to [Editor's note: FFS |
497 -- cf. open issues]. </t> | 497 -- cf. open issues].</t> |
498 | 498 |
499 <t>The EAP-Payload AVP contains the EAP-Initiate/Re-Auth | 499 <t>The EAP-Payload AVP contains the EAP-Initiate/Re-Auth |
500 message.</t> | 500 message.</t> |
501 </list> Then this ERP/DER message is sent as described in <xref | 501 </list> Then this ERP/DER message is sent as described in <xref |
502 target="Overview"></xref>. <vspace blankLines="1" /> The ER server | 502 target="Overview"></xref>. <vspace blankLines="1" /> The ER server |
610 or do we use first Authenticate-Only with ER server, then | 610 or do we use first Authenticate-Only with ER server, then |
611 Authorize-Only with home domain (and in that case how does the ER | 611 Authorize-Only with home domain (and in that case how does the ER |
612 authenticator learn what the home domain is?)</t> | 612 authenticator learn what the home domain is?)</t> |
613 | 613 |
614 <t>how does the peer learn the ERP domain of the new authenticator | 614 <t>how does the peer learn the ERP domain of the new authenticator |
615 -- this is being addressed in HOKEY architecture draft; </t> | 615 -- this is being addressed in HOKEY architecture draft;</t> |
616 | 616 |
617 <t>how does the home server reachs the peer to for example terminate | 617 <t>how does the home server reachs the peer to for example terminate |
618 the session if there is no notification sent to the home domain;</t> | 618 the session if there is no notification sent to the home domain;</t> |
619 </list><vspace blankLines="1" /> Another issue concerns the case where | 619 </list><vspace blankLines="1" /> Another issue concerns the case where |
620 the home realm contains several EAP servers. In multi rounds full EAP | 620 the home realm contains several EAP servers. In multi rounds full EAP |
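Review bot: line 617, directly below the whitespace fix at 615, still reads "how does the home server reachs the peer to for example terminate". Since this list item's neighbour is being tidied anyway, suggest correcting it in the same pass, for example "how does the home server reach the peer, for example to terminate the session".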