DIAMETER ERP Julien Bournelle Sebastien Decugis Lionel Morand Qin Wu Glen Zorn

1
DIAMETER ERPJulien BournelleSebastien
DecugisLionel MorandQin WuGlen Zorn

• draft-ietf-dime-erp-02

2
Changelog Status

• From 00 to 01
• New Application ID for ERP (decided at IETF75)
• Renaming of the AVPs (EAP- to ERP-)
• From 01 to 02
• Changes in document authors
• Mainly editorial changes
• The document is in good shape
• But 2 important design issues are remaining
• Can we discuss these today ?

3
Issue 1 Handovers

• ERP allows authentication without signaling to
  the home realm.
• But is it desirable that the home server is not
  aware of the current point of attachment of the
  peer ?
• Some issues to solve if we allow handovers in
  Diam.ERP
• Routing server initiated messages to the correct
  NAS
• Managing the User-Name Session-Id (for
  accounting)
• Interaction with a mobility application (Diameter
  MIP6, )
• Is it better to focus on optimizing a mobility
  application (MIP4, MIP6) with ERP for handover
  scenario ?

4
Issue 2 Authorization

• The home realm provides an initial set of
  authorization attributes to the peer
  (authorization lifetime, )
• Re-authentication usually occurs when the session
  needs to be extended (we dont consider handovers
  here).
• Local ERP server must not extend the
  authorization
• Home realm approval is required for
  responsibility / liability
• Is there any benefit in having local ERP server
  cache the original authorization attributes ?
• Or can we limit its role to AUTHENTICATE_ONLY ?
• And is it useful at all to have a local ERP
  server ?

5
Thank you!