Issue 376: Proposed Resolution (Section 1)
From: Bernard Aboba (bernard_aboba
Date: Sun, 25 Feb 2007 15:41:48 -0800 (PST)
In the next few messages, I will propose specific changes to address Issue
376. This message will concentrate on changes to the abstract and Section
1. Other messages will deal with other sections of the document.
Abstract
The so called network discovery and selection problem affects network access, particularly in the presence of multiple available wireless accesses and roaming. This problem has been the subject of discussions in various standards bodies. This document summarizes the discussion held about this problem in the Extensible Authentication Protocol (EAP) working group at the IETF. The problem is defined and divided into subproblems, and some constraints for possible solutions are outlined. The document also provides a discussion of the limitations of certain classes of solution, including some that have been previously defined.
Suggest changing to:
When multiple access networks are available, roaming users may have difficulty in selecting which network to connect to, and how to authenticate with that network. This document defines the network discovery and selection problem, dividing it into multiple sub-problems. Some constraints on potential solutions are outlined, and the limitations of several solutions (including existing ones) are discussed.
1. Introduction
The network discovery and selection problem affects network access and wireless access networks in particular. Aspects of the problem will appear when any of the following conditions are true:
[BA] Suggest changing to:
When multiple access networks are available, roaming users may have difficulty in selecting which network to connect to, and how to authenticate with that network. The problem arises when any of the following conditions are true:
[BA] The next few paragraphs state conditions under which the problem can occur, but don't clearly state what bad things will happen in each circumstance:
o There is more than one available network attachment point, and the
different attachment points may have different characteristics or
belong to different operators. In the case of virtual operators,
access network infrastructure including e.g. the access points can
be shared by multiple operators. In order to choose between the
network attachment points, it may be helpful to determine which
realms are supported and the capabilities access network
supporting those realms. Otherwise, the mobile station might
frequently roam into networks that are not able to satisfy the
roaming connectivity needs or provide services the mobile station
(and the subscriber) are seeking for. This would of course lower
the general quality of offered services.
o The user has multiple sets of credentials. For instance, the user
could have one set of credentials from a public service provider
and set from the user's employer. In this case it may be helpful
to provide additional information to enable the correct credential
set to be determined. Otherwise, it could happen that for example
a network access authentication repeatedly fails because of
incorrectly selected and offered set of credentials.
o There is more than one way to provide roaming between the visited
realm used for access and user's home realm, and service
parameters or pricing differs between them. For instance, the
visited access realm could have both a direct relationship with
the home realm and an indirect relationship through a roaming
consortium. In some scenarios, current AAA protocols may not be
able to route the requests to the home realm unaided, just based
on the domain in the given Network Access Identifier (NAI)
[RFC4282]. In addition, payload packets can get routed or
tunneled differently, based on the roaming relationship path in
use. This may have an impact on the available services or their
pricing.
[BA] Suggest changing to:
o More than one network attachment point is available, and the
attachment points differ in capability or belong to different
operators. In this case, a roaming user may have difficulty
determining which attachment points offering the desired services
it can successfully authenticate to. In order to choose between
multiple attachment points, it can be helpful to determine which
realms are supported and the capabilities that the networks support.
o The user has multiple sets of credentials. In this case, the
user may not be able to determine which credentials to use with
which attachment point, or even whether any credentials it
possesses will allow it to authenticate successfully. This
can result in multiple unsuccessful authentication attempts
for each attachment point, wasting valuable time and resulting
in user frustration. For example, the user
could have one set of credentials from a public service provider
and set from an employer. In order to choose between multiple
attachment points, it can be helpful to provide additional
information to enable the correct credentials to be determined.
o There are multiple potential roaming paths between the visited
realm and the user's home realm, and service parameters or
pricing differs between them. In this case, the access network
may not be able to determine the roaming path that best matches
the user's preferences. This can lead to the user being
charged more than necessary, or not obtaining the desired
services. For example, the visited access realm could have
both a direct relationship with the home realm and an indirect
relationship through a roaming consortium. Current AAA protocols
may not be able to route the access request to the home AAA server
purely based on the realm within the Network Access Identifier (NAI)
[RFC4282]. In addition, payload packets can be routed or
tunneled differently, based on the roaming relationship path.
This may have an impact on the available services or their
pricing.
[BA] The next paragraph could be cleaned up a bit:
In Section 2 the network discovery and selection problem is defined and divided into subproblems, and some design issues for possible solutions are outlined in Section 3. Section 4 gives the conclusions and some suggestions on how to proceed for the rest. Appendix A discusses existing mechanisms which help solve at least parts of the problem. The terms "network" and "realm" have sometimes been used interchangeably within the context of selection and discovery. It should be noted that a realm can be reachable from more than one access network types and selection of a realm may not imply certain network capabilities.
Suggest changing to:
In Section 2 the network discovery and selection problem is defined and divided into subproblems, and some potential solution constraints are outlined in Section 3. Section 4 provides conclusions and suggestions for future work. Appendix A discusses existing solutions to portions of the problem.
[BA] The following sentences belong in the terminology section:
The terms "network" and "realm" have sometimes been used interchangeably within the context of selection and discovery. It should be noted that a realm can be reachable from more than one access network types and selection of a realm may not imply certain network capabilities.