| RE: Strawman -10/EMSK deletion requirement? | <– Date –> <– Thread –> |
From: Avi Lior (avi bridgewatersystems.com)
|
|
| Date: Mon, 6 Mar 2006 13:31:27 -0800 (PST) | |
Hi Jari, We seem to agree until we get here snip: Avi wrote: > >It is basically this, how do I know which ones to generate during > >network access authentication? I could have lots of them. > Also perhaps > >during this session the user requested access to a new > application. I > >need a key now. Should I tear down the session just so I > can get a new > >EMSK? > > > > Jari wrote: > The latter should never happen. If we do the calculation of > AMSKs a priori, > then it needs to be something enabled by the user's profile. If he is > authorized to day (say) access handoff, mobile IP, and some > QoS exchange, > then we'd generate three AMSKs for that user. Perhaps you missed my poorly stated point :-) What if the user is requesting access to a new application? which could also involve the modification of the user's profile. If EMSK is not there, then what do I do? Restart the session? No. At anyrate I belive that there could be other use cases... I gave two reason why: Just-in-time; Dynamic-Application provisioning. > >>2. Do you have a plan how to manage the cache at the AAA > >>server side, if there is no agreement a priori that EMSKs and > >>specific AMSKs are going to be needed? > >> > >> > > > >EMSK should be bound to a user session. When the user > session goes away > >so should the EMSK. If the user session is reauthenticated so should > >the EMSK. > > > > > Ok. This sounds reasonable. There may be still tradeoffs > between keeping one EMSK for all sessions vs. keeping bunch of > AMSKs for those sessions that have been authorized to do > more than pure access. Hmmmmm... A session is an EAP session (which is one Access Session) and you should only have one EMSK for that session. AMSKs are dervied from the EMSK belong to that session. > But its hard for me to quantify this > tradeoff, given that we don't know how many applications we could > in practice be talking about, and in particular we don't know what > fraction of users would be authorized to use those applications. > Just > some, or would this be something that is by default turned on for > everyone? IMO that would be deployement issue. We see a very immediate need for EMSK and AMSK today which will be used by everyone in the network -- and this is the MIP case, but other then that EMSK/AMSK is very very new. Wait until 3GPP/2 and OMA learn about it. Avi
- RE: Strawman -10/EMSK deletion requirement?, (continued)
- RE: Strawman -10/EMSK deletion requirement? Nakhjiri Madjid-MNAKHJI1, March 6 2006
- RE: Strawman -10/EMSK deletion requirement? Nakhjiri Madjid-MNAKHJI1, March 6 2006
-
RE: Strawman -10/EMSK deletion requirement? Avi Lior, March 6 2006
- Re: Strawman -10/EMSK deletion requirement? Jari Arkko, March 6 2006
- RE: Strawman -10/EMSK deletion requirement? Avi Lior, March 6 2006
- Re: Strawman -10/EMSK deletion requirement? Jari Arkko, March 9 2006
- RE: Strawman -10/EMSK deletion requirement? Salowey, Joe, March 6 2006
- RE: Strawman -10/EMSK deletion requirement? Nakhjiri Madjid-MNAKHJI1, March 6 2006
- RE: Strawman -10/EMSK deletion requirement? Nakhjiri Madjid-MNAKHJI1, March 6 2006
Results generated by Tiger Technologies using MHonArc.