datatracker.ietf.org
Sign in
Version 5.6.2.p2, 2014-07-24
Report a bug

RADIUS EXTensions (radext)

Group
Name: RADIUS EXTensions
Acronym:radext
Area:Operations and Management Area (ops)
State: Active
Charter: charter-ietf-radext-05 (Approved)
More info: Additional RADEXT Web Page
Personnel
Chairs: Stefan Winter <stefan.winter@restena.lu>
Jouni Korhonen <jouni.nospam@gmail.com>
Area Director: Benoit Claise <bclaise@cisco.com>
Mailing List
Address:radext@ietf.org
To Subscribe:https://www.ietf.org/mailman/listinfo/radext
Archive:http://www.ietf.org/mail-archive/web/radext/
Jabber Chat
Room Address: xmpp:radext@jabber.ietf.org
Logs: http://jabber.ietf.org/logs/radext/

Charter for Working Group

The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol required to expand and enrich the standard attribute
space, address cryptographic algorithm agility, use of new secure
transports and clarify its usage and definition.

In order to maintain interoperation of heterogeneous RADIUS/Diameter
deployments, all RADEXT WG work items except those that just define new
attributes MUST contain a Diameter compatibility section, outlining how
interoperability with Diameter will be maintained.

Furthermore, to ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
the following restrictions are imposed on extensions considered by the
RADEXT WG:

- All documents produced MUST specify means of interoperation with
legacy RADIUS and, if possible, be backward compatible with existing
RADIUS RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580,
4668-4673,4675, 5080, 5090, 5176 and 6158. Transport profiles should, if
possible, be compatible with RFC 3539.

Work Items
The immediate goals of the RADEXT working group are to address the
following issues:

- RADIUS attribute space extension. The standard RADIUS attribute space
is currently being depleted. This document will provide additional
standard attribute space, while maintaining backward compatibility with
existing attributes.

- IEEE 802 attributes. New attributes have been proposed to support IEEE
802 standards for wired and wireless LANs. This work item will support
authentication, authorization and accounting attributes needed by IEEE
802 groups including IEEE 802.1, IEEE 802.11 and IEEE 802.16.

- New RADIUS transports. A reliable transport profile for RADIUS will be
developed, as well as specifications for Secure transports, including
TCP/TLS (RADSEC) and UDP/DTLS.

- Update and clarification of Network Access Identifiers (RFC4282). This
work item will correct and clarify issues present with RFC4282 in two
phases. In first phase, RFC4282bis will be issued to eliminate
fundamental incompatibilities with RADIUS around character encoding and
NAI modifications by proxies. In second phase, a fresh review of NAI
internationalization requirements and behavior will be undertaken with a
clear goal of maintaining compatibility with RADIUS.

- Fragmentation of RADIUS packets to support exchanges exceeding the
existing 4KB limit imposed by RFC 2865.

Milestones

Done
Updates to RFC 2618-2621 RADIUS MIBs submitted for publication
Done
SIP RADIUS authentication draft submitted as a Proposed Standard RFC
Done
RFC 2486bis submitted as a Proposed Standard RFC
Done
RFC 3576 MIBs submitted as an Informational RFC
Done
RADIUS VLAN and Priority Attributes draft submitted as a Proposed Standard RFC (reduced in scope)
Done
RADIUS Implementation Issues and Fixes draft submitted as an Informational RFC
Done
RADIUS Filtering Attributes draft submitted as a Proposed Standard RFC (split out from VLAN & Priority draft)
Done
RFC 3576bis submitted as an Informational RFC (split out from Issues & Fixes draft)
Done
RADIUS Redirection Attributes draft submitted as a Proposed Standard RFC (split out from VLAN & Priority draft)
Done
RADIUS Design Guidelines submitted as a Best Current Practice RFC
Done
RADIUS Management Authorization I-D submitted as a Proposed Standard RFC
Done
Reliable Transport Profile for RADIUS I-D submitted as a Proposed Standard RFC
Done
Status-Server I-D submitted as a Proposed Standard RFC
Done
RADSEC (RADIUS over TCP/TLS) draft submitted as an Experimental RFC
Done
RADIUS Crypto-agility Requirements submitted as an Informational RFC
Dec 2012
RFC 4282bis submitted as a Proposed Standard RFC
Done
IPv6 Access I-D submitted as a Proposed Standard RFC
Done
Extended Attributes I-D submitted as a Proposed Standard RFC
Done
IEEE 802 Attributes I-D submitted as a Proposed Standard RFC
Dec 2012
Dynamic Discovery I-D submitted as a Proposed Standard RFC
Done
RADIUS over DTLS I-D submitted as an Experimental RFC
Feb 2013
RADIUS packet fragmentation submitted as an Experimental RFC
Aug 2014
Larger Packets for RADIUS over TCP I-D submitted as an Experimental RFC
draft-ietf-radext-bigger-packets