Network Working Group
Request for Comments: 3127
Category: Informational
D. Mitton, Nortel Networks
M. St.Johns, Rainmaker Technologies
S. Barkley, UUNET
D. Nelson, Enterasys Networks
B. Patil, Nokia
M. Stevens, Ellacoya Networks
B. Wolff, Databus Inc.
June 2001
Authentication, Authorization, and Accounting:
Protocol Evaluation
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This memo represents the process and findings of the Authentication,
Authorization, and Accounting Working Group (AAA WG) panel evaluating
protocols proposed against the AAA Network Access Requirements, RFC
2989. Due to time constraints of this report, this document is not
as fully polished as it might have been desired. But it remains
mostly in this state to document the results as presented.
Mitton, et al. Informational [Page 1]
RFC 3127 AAA Protocol Evaluation Process June 2001
Table of Contents
1. Process Description
1.1 WG Co-Chair's Note
1.2 Chairman's Note
1.3 Members Statements
1.4 Requirements Validation Process
1.5 Proposal Evaluation
1.6 Final Recommendations Process
2. Protocol Proposals
3. Item Level Compliance Evaluation
3.1 General Requirements
3.2 Authentication Requirements
3.3 Authorization Requirements
3.4 Accounting Requirements
3.5 MOBILE IP Requirements
4. Protocol Evaluation Summaries
4.1 SNMP
4.2 Radius++
4.3 Diameter
4.4 COPS
4.5 Summary Recommendation
5. Security Considerations
6. References
7. Authors' Addresses
A. Appendix A - Summary Evaluations
B. Appendix B - Review of the Requirements
B.1 General Requirements
B.2 Authentication Requirements
B.3 Authorization Requirements
B.4 Accounting Requirements
C. Appendix C - Position Briefs
C.1 SNMP PRO Evaluation
C.2 SNMP CON Evaluation
C.3 RADIUS+ PRO Evaluation
C.4 RADIUS+ CON Evaluation
C.5 Diameter PRO Evaluation
C.6 Diameter CON Evaluation
C.7 COPS PRO Evaluation
C.8 COPS CON Evaluation
D. Appendix D - Meeting Notes
D.1 Minutes of 22-Jun-2000 Teleconference
D.2 Minutes of 27-Jun-2000 Teleconference
D.3 Minutes of 29-Jun-2000 Teleconference
D.4 Minutes of 06-Jul-2000 Teleconference
D.5 Minutes of 11-Jul-2000 Teleconference
Full Copyright Statement
1. Process Description
Due to time constraints, the original draft of this document was
rushed to meet the publication deadline of the June 2000 Pittsburgh
meeting. Since the meeting has passed, we do not wish to
substantially revise the findings within this document, so that we
don't give the appearance of changing information after the
presentation. Only additional descriptions of the process,
formatting, layout editing and errors of fact have been corrected in
subsequent revisions.
1.1. WG Co-Chair's Note:
After the AAA WG re-charter was approved, and the Network Access
Requirements document passed AAA WG Last Call, a Solicitation of
Protocol Submissions was issued on 4/13/2000. The Solicitation was
sent to the AAA WG mailing list, as well as to other IETF WG mailing
lists related to AAA, including NASREQ, Mobile IP, RAP, and SNMPv3.
Submissions were solicited effective immediately. Authors of
candidate protocols were requested to notify the AAA WG chairs of
their intent to submit a candidate protocol. It was suggested that
this notification be sent by May 1, 2000.
Protocol submissions and compliance description documents were to be
submitted in Internet Draft format by email to
internet-drafts@ietf.org. The deadline for submissions was June 1, 2000. To
be considered as a candidate, submissions needed to include an
unqualified RFC 2026 statement, as described at:
http://www.ietf.org/Sec10.txt
In order to assist the AAA WG in evaluating the protocol submissions
and compliance description documents, the AAA WG chairs then formed
an evaluation team, which was announced on May 20, 2000. The job of
the team was to put together an Internet Draft documenting their
evaluation of the protocol submissions. The goal is to have a first
draft available prior to the July 14, 2000 submission deadline for
IETF 48.
In composing the evaluation draft, the evaluation team was asked to
draw from the protocol specifications, the compliance descriptions,
and other relevant documents, the Network Access Requirements
document, RFC 2989.
Mike St. Johns was asked to chair the evaluation team. The chairs of
WGs related to AAA were also invited to join the team. These
included Dave Mitton, co-chair of NASREQ WG, Basavaraj Patil,
co-chair of Mobile IP WG, and Mark Stevens, co-chair of the RAP WG.
Additional members of the evaluation team were chosen to represent
the interests of network operators as well as developers of AAA
client and server software.
As usual, the IESG advised the evaluation team. IESG advisors
included Randy Bush and Bert Wijnen, Directors of the Operations and
Management Area.
1.2. Chairman's Note:
This document is the result of 6 weeks of intense work by the panel
listed below. Our mission was to evaluate the various AAA proposals
and provide recommendations to the AAA working group and to the IESG
on the viability of each of the proposals.
The evaluation process had three distinct phases. 1) Validate the
AAA requirements document [AAAReqts] against the base requirements
documents for NASREQ, MOBILEIP and ROAMOPS. 2) Evaluate each of the
SNMP, Radius++, Diameter and COPS proposal claims against the
validated requirements. 3) Provide final recommendations based on
side by side comparison for each proposal on a requirement by
requirement basis.
In general, the ONLY information the evaluators were allowed to use
throughout the process was that provided in the source documents (the
requirements document and the proposal) or documents referenced by
the source documents. In other words, if it wasn't written down, it
generally didn't exist. Our cutoff for acceptance of information was
1 June 2000 - any submissions after that time were not considered in
the panel's deliberations.
1.3. Members Statements
The group was chaired by Michael St.Johns. David Mitton was the
document editor. Following are the background statements and any
conflicts of interest from them and the rest of the panel.
Michael St. Johns, Rainmaker Technologies
I have no known conflicts of interest with respect to the AAA
process. I have neither advocated nor participated in the creation
of any of the submissions. My company is a service company (ISP) and
will not be involved in the manufacture or sale of AAA enabled
products. Other than my participation as the chair of the AAA
evaluation process, I have not had any contact with the AAA standards
process.
David Mitton, Nortel Networks
I have been Nasreq WG co-chair and author of several Nasreq drafts.
I have also previously contributed to several RADIUS drafts.
I have been a RADIUS NAS implementor and Technical Prime on our
Server products, so know it extremely well. In my current job role I
am involved with Nortel's IP Mobility products, which support
Diameter.
I have written a presentation on COPS vs NASreq Requirements for a
Nasreq meeting, but have not implemented it, nor consider myself an
thorough expert on the subject.
Stuart Barkley, UUNET
I've been working for 5 years at UUNET on various parts of our dialup
network. I have extensive experience with designing, developing and
operating our SNMP based usage data gathering system. I've also been
involved in our radius based authentication and authorization systems
in an advisory position.
I've participated in radius/roamops/nasreq/aaa groups for the past
several years. I'm not an author or contributor on any of the
requirements or protocol documents being presented although I have
been peripherally involved in these working groups.
Dave Nelson, Enterasys Networks
Very active in the RADIUS WG, especially during the early years. No
involvement in the AAA submission. Have not contributed to the
development of Diameter.
No involvement with SNMPv3 or the AAA submission. David Harrington,
a proponent, works in a different group within my company. We have
not discussed the submission. No involvement with the COPS protocol.
Basavaraj Patil, Nokia
I am a contributor to the AAA requirements document (RFC 2977)
submitted by the Mobile IP WG. I was a member of the team that was
constituted to capture the Mobile IP requirements for AAA services.
As part of the co-chairing activity of the Mobile IP WG I have
realized the need for AAA services by Mobile IP and hence closely
followed the work done in the AAA WG, RADIUS, RoamOps and TR45.6.
My present work at Nokia does involve looking at AAA protocols (to
some extent at least) for use in wireless networks. I have also done
some work with AAA protocols such as Diameter in my previous job at
Nortel Networks.
Mark Stevens, Ellacoya Networks
I am the co-chair of the IETF RAP working group which is the working
group that has developed the COPS protocol. I have not contributed
to the documents describing how COPS can satisfy AAA requirements.
I participated in early AAA working group meetings, but have not been
an active participant since the group's rechartering. The company
that currently employs me builds devices that might benefit from being
AAA enabled.
Barney Wolff, Databus Inc.
I have implemented RADIUS client, proxy and server software, under
contract to AT&T. That software is owned by AT&T and I have no
financial interest in it.
I have been a member of the RADIUS WG for several years, and consider
myself an advocate for RADIUS against what I consider unjustified
attacks on it.
I've never worked for any of the companies whose staff have produced
any of the proposals, although I obviously might at some future time.
1.4. Requirements Validation Process
For each of the base requirements documents, the chair assigned a
team member to re-validate the requirement. The process was fairly
mechanical; the evaluator looked at what was said in [AAAReqts], and
verified that the references and supporting text in the basis
document supported the requirement in [AAAReqts] as stated. Where
the reference was wrong, too general, missing or otherwise did not
support the requirement, the evaluator either deleted or downgraded
the requirement. The results of that process were sent to the AAA
mailing list and are also included in this document in the
appendixes. The group used [AAAReqts] as modified by our
validation findings to evaluate the AAA proposals.