datatracker.ietf.org

Session Authorization Policy Element
RFC 3520

Document type: RFC - Proposed Standard (April 2003; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3520 (Proposed Standard)
Responsible AD: Bert Wijnen
IESG Note: published as RFC3520
Send notices to: <scott.hahn@intel.com>, <mlstevens@rcn.com>

Network Working Group                                         L-N. Hamer
Request for Comments: 3520                                       B. Gage
Category: Standards Track                                Nortel Networks
                                                             B. Kosinski
                                                     Invidi Technologies
                                                                H. Shieh
                                                           AT&T Wireless
                                                              April 2003

                 Session Authorization Policy Element

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document describes the representation of a session authorization
   policy element for supporting policy-based per-session authorization
   and admission control.  The goal of session authorization is to allow
   the exchange of information between network elements in order to
   authorize the use of resources for a service and to co-ordinate
   actions between the signaling and transport planes.  This document
   describes how a process on a system authorizes the reservation of
   resources by a host and then provides that host with a session
   authorization policy element which can be inserted into a resource
   reservation protocol (e.g., the Resource ReSerVation Protocol (RSVP)
   PATH message) to facilitate proper and secure reservation of those
   resources within the network.  We describe the encoding of session
   authorization information as a policy element conforming to the
   format of a Policy Data object (RFC 2750) and provide details
   relating to operations, processing rules and error scenarios.

Hamer, et al.               Standards Track                     [Page 1]
RFC 3520          Session Authorization Policy Element        April 2003

Table of Contents

   1. Conventions used in this document..............................3
   2. Introduction...................................................3
   3. Policy Element for Session Authorization.......................4
      3.1 Policy Data Object Format..................................4
      3.2 Session Authorization Policy Element.......................4
      3.3 Session Authorization Attributes...........................4
        3.3.1 Authorizing Entity Identifier..........................6
        3.3.2 Session Identifier.....................................7
        3.3.3 Source Address.........................................7
        3.3.4 Destination Address....................................9
        3.3.5 Start time............................................10
        3.3.6 End time..............................................11
        3.3.7 Resources Authorized..................................11
        3.3.8 Authentication data...................................12
   4. Integrity of the AUTH_SESSION policy element..................13
      4.1 Shared symmetric keys.....................................13
        4.1.1 Operational Setting using shared symmetric keys.......13
      4.2 Kerberos..................................................14
        4.2.1. Operational Setting using Kerberos...................15
      4.3 Public Key................................................16
        4.3.1. Operational Setting for public key based
               authentication.......................................16
          4.3.1.1 X.509 V3 digital certificates.....................17
          4.3.1.2 PGP digital certificates..........................17
   5. Framework.....................................................18
      5.1 The coupled model.........................................18
      5.2 The associated model with one policy server...............18
      5.3 The associated model with two policy servers..............19
      5.4 The non-associated model..................................19
   6. Message Processing Rules......................................20
      6.1 Generation of the AUTH_SESSION by the authorizing entity..20
      6.2 Message Generation (RSVP Host)............................20
      6.3 Message Reception (RSVP-aware Router).....................20
      6.4 Authorization (Router/PDP)................................21
   7. Error Signaling...............................................22
   8. IANA Considerations...........................................22
