Re: Issue: Section 1 Problem Statement
From: Bernard Aboba (bernard_aboba
Date: Thu, 24 May 2007 08:17:58 -0700 (PDT)
How about this?
"1. Introduction
Today, network access clients are typically preconfigured
with a list of access networks, and corresponding identities
and credentials. However, as network access mechanisms
and operators have proliferated, it has become increasingly
likely that users will encounter networks for which no
preconfigured settings are available, yet which offer
desired services and the ability to successfully authenticate
with the user's home realm. It is also possible that
preconfigured settings will not be adequate in some situations.
In such cases, users can have difficulty in determining
which network to connect to, and how to authenticate to that network.
The problem arises when any of the following conditions are true:
o Within a single network, more than one network attachment point
is available, and the attachment points differ in their roaming
arrangements, or access to services. While the link layer
capabilities of a point of attachment may be advertised,
higher layer parameters such as roaming arrangements
or Internet access restrictions may not be. As a result,
a user may have difficulty determining what services are
available at each network attachment point, and which
attachment points it can successfully authenticate to.
For example, it is possible that a roaming agreement will
only enable a user to authenticate to the home realm from
some points of attachment, but not others. Similarly, it
is possible that access to the Internet may be restricted
at some points of attachment, but not others. In these
situations, the network access client cannot assume that
all points of attachment within a network offer identical
capabilities.
o Multiple networks are available for which the user has no
corresponding pre-configuration. The user may not
have pre-configured an identity and associated credentials
for use with a network, yet it is possible that the
user's home realm is reachable from that network,
enabling the user to successfully authenticate.
However, unless the roaming arrangements are advertised,
the network access client cannot determine a priori whether
successful authentication is likely. In this situation,
it is possible that the user will need to try multiple
networks in order to find one to which it can successfully
authenticate, or it is possible that the user will not be
able to obtain access at all, even though successful
authentication is feasible.
o The user has multiple sets of credentials. Where no
preconfiguration exists, it is possible that the user will
not be able to determine which credentials to use with which
attachment point, or even whether any credentials it possesses
will allow it to authenticate successfully. An
identity and associated credentials can be usable for authentication
with multiple networks, and not all of these networks will be
preconfigured. For example, the user could have one set of
credentials from a public service provider and another set
from an employer, and a network might enable authentication
with one or more of these credentials. Yet, without
preconfiguration, multiple unsuccessful authentication attempts
could be needed for each attachment point in order to determine
what credentials are usable, wasting valuable time and
resulting in user frustration. In order to choose between multiple
attachment points, it can be helpful to provide additional
information to enable the correct credentials to be determined.
o There are multiple potential roaming paths between the visited
realm and the user's home realm, and service parameters or pricing
differs between them. In this situation, there could be multiple
ways for the user to successfully authenticate using the same
identity and credentials, yet the cost of each approach might
differ. In this case, the access network may not be
able to determine the roaming path that best matches the user's
preferences. This can lead to the user being charged more than
necessary, or not obtaining the desired services. For example,
the visited access realm could have both a direct relationship
with the home realm and an indirect relationship through a roaming
consortium. Current Authentication, Authorization and Accounting
(AAA) protocols may not be able to route the access request to the
home AAA server purely based on the realm within the Network Access
Identifier (NAI) [RFC4282]. In addition, payload packets can be
routed or tunneled differently, based on the roaming relationship
path. This may have an impact on the available services or their
pricing.
In Section 2 the network discovery and selection problem is defined
and divided into subproblems. Some solution constraints are outlined
in Section 3. Section 4 provides conclusions and suggestions for
future work. Appendix A discusses existing solutions to portions of
the problem."
Subject: RE: [eap] Issue: Section 1 Problem Statement
Date: Thu, 24 May 2007 00:25:44 -0700
From: FB5431 [at] att.com
To: bernard_aboba [at] hotmail.com; eap [at] frascone.com
Hi Bernard,
Your revision of first para eliminates an important scenario for network selection from amongst networks with different capabilities even when they are from the same operator using the same authentication method. So in this scenario multiple networks will be mapping to one “preconfigured operator name and access method”, implying the preconfigured information is available but it is insufficient to do selection. I have tried to edit the first para as below.
“Today, network access clients are typically preconfigured with a list of access networks, and corresponding identities
and credentials. However, as new network access technologies emerge and authentication mechanisms and operators have proliferated, it has become increasingly likely that users will encounter networks for which preconfigured settings in the client are either not available or insufficient, yet which can deliver desired services and can successfully authenticate the user to his home AAA server. In such a situation, users can have difficulty in determining which network to connect to, and how to authenticate to that network.”
Based on these changes, a minor change is also proposed to the first sentence of the first bullet as follows.
“More than one network attachment point is available, and the attachment points differ in their roaming arrangements or access to services, or their capabilities such as QoS or belong to operators which the network access client is not preconfigured for.”
BR,
Farooq Bari
farooq.bari [at] att.com
+1 425 580 5526
From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
Sent: Wednesday, May 23, 2007 9:32 PM
To: eap [at] frascone.com
Subject: [eap] Issue: Section 1 Problem Statement
Issue: Section 1 Problem Statement
Submitter name: Bernard Aboba
Submitter email address: aboba [at] internaut.com
Date Submitted: May 23, 2007
Reference:
Document: NETSEL-07
Comment type: Editorial
Priority: S
Section: 1
Rationale/Explanation of issue:
In reading over Section 1, it is not clear to me that the essence of the problem has been clearly stated.
I believe that the central issue here is that a user can encounter networks for which there is no preconfiguration.
Also, I think there is an assumption that the networks that a user can encounter may restrict access to the Internet in some way so that all Internet services may not be accessible.
I believe that these assumptions need to be more clearly spelled out. Find enclosed below a rewrite of Section 1 that hopefully makes these assumptions more clear.
"1. Introduction
Today, network access clients are typically preconfigured
with a list of access networks, and corresponding identities
and credentials. However, as network access mechanisms
and operators have proliferated, it has become increasingly
likely that users will encounter networks for which no
preconfigured settings are available, yet which offer
desired services and the ability to successfully authenticate
with the user's home AAA server. In such a situation,
users can have difficulty in determining which network to
connect to, and how to authenticate to that network.
The problem arises when any of the following conditions are true:
o More than one network attachment point is available, and the
attachment points differ in their roaming arrangements or
access to services, or belong to operators which the
network access client is not preconfigured for.
In this case, a user may have difficulty determining
what services are available at each network attachment point, and
which attachment points it can successfully authenticate to.
For example, the user may not have pre-configured an identity
and associated credentials for use with a network, yet it is
possible that the user's home AAA server is reachable from
that network, enabling the user to successfully authenticate.
While the local network's capabilities may be advertised,
where access to the Internet is restricted, it can
be difficult for the user to determine a priori what services
will be available upon connection.
o The user has multiple sets of credentials. Where no
preconfiguration exists, it is possible that the user will
not be able to determine which credentials to use with which
attachment point, or even whether any credentials it possesses
will allow it to authenticate successfully. An
identity and associated credentials can be usable for authentication
with multiple networks, and not all of these networks will be
preconfigured. For example, the user could have one set of
credentials from a public service provider and another set
from an employer, and a network might enable authentication
with one or more of these credentials. Yet, without
preconfiguration, multiple unsuccessful authentication attempts
could be needed for each attachment point in order to determine
what credentials are usable, wasting valuable time and
resulting in user frustration. In order to choose between multiple
attachment points, it can be helpful to provide additional
information to enable the correct credentials to be determined.
o There are multiple potential roaming paths between the visited
realm and the user's home realm, and service parameters or pricing
differs between them. In this situation, there could be multiple
ways for the user to successfully authenticate using the same
identity and credentials, yet the cost of each approach might
differ. In this case, the access network may not be
able to determine the roaming path that best matches the user's
preferences. This can lead to the user being charged more than
necessary, or not obtaining the desired services. For example,
the visited access realm could have both a direct relationship
with the home realm and an indirect relationship through a roaming
consortium. Current Authentication, Authorization and Accounting
(AAA) protocols may not be able to route the access request to the
home AAA server purely based on the realm within the Network Access
Identifier (NAI) [RFC4282]. In addition, payload packets can be
routed or tunneled differently, based on the roaming relationship
path. This may have an impact on the available services or their
pricing.
In Section 2 the network discovery and selection problem is defined
and divided into subproblems. Some solution constraints are outlined
in Section 3. Section 4 provides conclusions and suggestions for
future work. Appendix A discusses existing solutions to portions of
the problem."