Proxy Chaining and Policy Implementation in Roaming (RFC2607)

IP.com Disclosure Number: IPCOM000003194D
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 12 page(s) / 31K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Aboba: AUTHOR [+2]

Abstract

This document describes how proxy chaining and policy implementation can be supported in roaming systems. The mechanisms described in this document are in current use.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group                                           B. Aboba
Request for Comments: 2607                         Microsoft Corporation
Category: Informational                                    J. Vollbrecht
                                                    Merit Networks, Inc.
                                                               June 1999

Proxy Chaining and Policy Implementation in Roaming

Status of this Memo

This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Abstract

This document describes how proxy chaining and policy implementation
can be supported in roaming systems. The mechanisms described in this
document are in current use.

However, as noted in the security considerations section, the
techniques outlined in this document are vulnerable to attack from
external parties as well as susceptible to fraud perpetrated by the
roaming partners themselves. As a result, such methods are not
suitable for wide-scale deployment on the Internet.

2. Terminology

This document frequently uses the following terms:

Network Access Server
   The Network Access Server (NAS) is the device that clients contact
   in order to get access to the network.

RADIUS server
   This is a server which provides for authentication/authorization
   via the protocol described in [3], and for accounting as described
   in [4].

RADIUS proxy
   In order to provide for the routing of RADIUS authentication and
   accounting requests, a RADIUS proxy can be employed. To the NAS,
   the RADIUS proxy appears to act as a RADIUS server, and to the
   RADIUS server, the proxy appears to act as a RADIUS client.

Network Access Identifier
   In order to provide for the routing of RADIUS authentication and
   accounting requests, the userID field used in PPP (known as the
   Network Access Identifier or NAI) and in the subsequent RADIUS
   authentication and accounting requests, can contain structure.
   This structure provides a means by which the RADIUS proxy will
   locate the RADIUS server that is to receive the request. The NAI
   is defined in [6].

Roaming relationships
   Roaming relationships include relationships between companies and
   ISPs, relationships among peer ISPs within a roaming association,
   and relationships between an ISP and a roaming consortium.
   Together, the set of relationships forming a path between a local
   ISP's authentication proxy and the home authentication server is
   known as the roaming relationship path.
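
The following sketch is an added example, not part of the RFC text. It shows how the structure in an NAI lets each proxy pick a next hop, and how the resulting chain of hops forms a roaming relationship path. It assumes the user@realm form of the NAI; the proxy names, realms and routing tables are constructed for illustration.

```python
# Added example. Proxy names, realms and tables are constructed/hypothetical.
# Assumption: the NAI has the user@realm form; realm compared case-insensitively.

# Per-proxy routing tables: realm -> next hop this proxy forwards to.
ROUTES = {
    "local-isp-proxy": {"bigco.example": "consortium-proxy",
                        "loop.example": "consortium-proxy"},
    "consortium-proxy": {"bigco.example": "bigco-radius",
                         "loop.example": "local-isp-proxy"},  # misconfigured
}
# Home RADIUS servers and the realms they authenticate.
HOME_SERVERS = {"bigco-radius": {"bigco.example"}}


class RoutingError(ValueError):
    """The request cannot be routed and should be rejected, not forwarded."""


def split_nai(nai):
    """Split an NAI into (user, realm); reject identifiers with no usable realm."""
    user, sep, realm = nai.rpartition("@")
    if not sep or not user or not realm:
        raise RoutingError(f"NAI {nai!r} has no user@realm structure")
    return user, realm.lower()


def relationship_path(nai, first_proxy, max_hops=8):
    """Return the chain of hops from first_proxy to the realm's home server."""
    _, realm = split_nai(nai)
    path, node = [first_proxy], first_proxy
    while realm not in HOME_SERVERS.get(node, set()):
        nxt = ROUTES.get(node, {}).get(realm)
        if nxt is None:
            raise RoutingError(f"{node} has no route for realm {realm!r}")
        if nxt in path or len(path) >= max_hops:
            raise RoutingError(f"routing loop or over-long chain via {nxt}")
        path.append(nxt)
        node = nxt
    return path


if __name__ == "__main__":
    print(relationship_path("fred@bigco.example", "local-isp-proxy"))
```

Rejecting requests with a missing realm, an unknown realm or a looping route, rather than forwarding them, keeps a malformed NAI or a misconfigured partner table from sending authentication traffic to an unintended hop.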

3. Requirements language

In this document, the key words "MAY", "MUST", "MUST NOT", "optional",
"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in [5].

4. Introduction

Today, as described in [1], proxy chaining is widely de...