Remote Authentication Dial-In User Service (radius)
|Name:||Remote Authentication Dial-In User Service|
|Area:||Operations and Management Area (ops)|
Carl Rigney <email@example.com>
The original specification for and implementation of RADIUS was written
by Steve Willens of Livingston Enterprises in response to a need
outlined by the earlier NASREQ working group, and has been deployed by
multiple vendors over the past 3 years.
No other working group appears to be addressing the topic of
communicating authentication and authorization information between a
Network Access Server and a central authentication & authorization
server, and general consensus is that standardization of such a
protocol would be extremely useful.
This working group will produce four documents:
1) By early '96, an informational RFC documenting the RADIUS protocol
already deployed for use by a Network Access Server (NAS) to
communicate with a remote Authentication & Authorization database
server, with minor amendments reflecting field experience of several
implementations over several years at hundreds of sites.
2) By February '96, an informational RFC describing RADIUS Accounting.
3) By early '97, a full standard RFC documenting the RADIUS protocol,
addressing any operational or security issues raised concerning the
informational RFC. This document will obsolete goal 1. (If the
Internet-Draft for goal 1 is deemed suitable by the IESG for release
a Proposed Standard instead of informational, then goals 1 and 3 will
4) Starting in February '96 and concluding in '97, a RADIUS Extensions
RFC documenting extensions for additional functionality within the
RADIUS framework, which will be interoperable with the base RADIUS
defined in the document for goal 3.
The intent in goals 1 through 3 are to document the protocol as it
exists and is used currently, in such a way as to allow interoperable
implementations to be written from the RFC. Minor modifications to
enhance interoperability or operation based on field experience are
suitable, major overhauls are outside the scope of this working group's
charter. Goal 4 is to provide a mechanism for additional features
deemed widely useful to be added to the existing framework, for example
to provide better support for EAP.
Clearly outside the scope of the charter are the following:
1) NAS Standardization is outside the scope. We're defining standard
RADIUS, not a standard encompassing everything about network access
servers. This effort does not require NASes to implement RADIUS; it
just defines how the RADIUS Protocol works on NASes that do
2) RADIUS is not intended as a NAS management protocol; SNMP already
exists for that.
3) Management of the Authentication/Authorization database itself is
outside the scope.
4) Alternative transport protocols such as IPX or IPv6 appear
straightforward, but will not be addressed in this effort.
5) The flexibility and generality of RADIUS have led to its use for
other applications, but this Working Group is addressing only those
uses involving user dial-in to Network Access Servers.
Meet at Dallas IETF.
Submit revised Radius Accounting Internet-Draft.
Submit revised Radius Internet-Draft.
Submit Radius Accounting Internet-Draft to IESG for consideration as an Informational RFC.
Submit Radius Internet-Draft to IESG for consideration as an Informational RFC.
Submit Internet-Draft on Radius Extensions.
Meet at LA IETF to deal with any pending issues on Radius or Radius Accounting Internet-Drafts.
Submit Radius protocol Internet-Draft to IESG for consideration as a Proposed Standard.
Submit revised Radius Extensions document as Internet-Draft.
Submit Radius Protocol to IESG to be considered for elevation to Draft Standard.