datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

RADIUS EXTensions
charter-ietf-radext-05

WG Review Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: radext WG <radext@ietf.org> 
Subject: WG Review: RADIUS EXTensions (radext)

The RADIUS EXTensions (radext) working group in the Operations and
Management Area of the IETF is undergoing rechartering. The IESG has not
made any determination yet. The following draft charter was submitted,
and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg at ietf.org) by 2012-11-20.

RADIUS EXTensions (radext)
------------------------------------------------
Current Status: Active Working Group

Chairs:
  Jouni Korhonen <jouni.nospam@gmail.com>
  Mauricio Sanchez <mauricio.sanchez@hp.com>

Technical advisors:
  Paul Congdon <paul.congdon@hp.com>

Assigned Area Director:
  Benoit Claise <bclaise@cisco.com>

Mailing list
  Address: radext@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/radext
  Archive: http://www.ietf.org/mail-archive/web/radext/

Charter of Working Group:

The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol required to expand and enrich the standard attribute
space, address  cryptographic algorithm agility, use of new secure
transports and clarify its usage and definition.

In order to maintain interoperation of heterogeneous RADIUS/Diameter
deployments, all RADEXT WG work items except those that just define new
attributes MUST contain a Diameter compatibility section, outlining how
interoperability with Diameter will be maintained.

Furthermore, to ensure backward compatibility with existing RADIUS 
implementations, as well as compatibility between RADIUS and Diameter,
the following restrictions are imposed on extensions considered by the
RADEXT WG:

- All documents produced MUST specify means of interoperation with legacy
RADIUS and, if possible, be backward compatible with existing RADIUS
RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580, 4668-4673,4675,
5080, 5090, 5176 and 6158. Transport profiles should, if possible, be
compatible with RFC 3539.

Work Items
The immediate goals of the RADEXT working group are to address the
following issues:

- RADIUS attribute space extension. The standard RADIUS attribute space
is currently being depleted. This document will provide additional
standard attribute space, while maintaining backward compatibility with
existing attributes.

- IEEE 802 attributes. New attributes have been proposed to support IEEE
802 standards for wired and wireless LANs. This work item will support
authentication, authorization and accounting attributes needed by IEEE
802 groups including IEEE 802.1, IEEE 802.11 and IEEE 802.16.

- New RADIUS transports. A reliable transport profile for RADIUS will be
developed, as well as specifications for Secure transports, including
TCP/TLS (RADSEC) and UDP/DTLS.

- Update and clarification of Network Access Identifiers (RFC4282). This
work item will correct and clarify issues present with RFC4282 in two
phases.  In first phase, RFC4282bis will be issued to eliminate
fundamental incompatibilities with RADIUS around character encoding and
NAI modifications by proxies.  In second phase, a fresh review of NAI
internationalization requirements and behavior will be undertaken with a
clear goal of maintaining compatibility with RADIUS.

- Fragmentation of RADIUS packets to support exchanges exceeding the
existing 4KB limit imposed by RFC 2865.

Goals and Milestones
Done Updates to RFC 2618-2621 RADIUS MIBs submitted for publication
Done SIP RADIUS authentication draft submitted as a Proposed Standard RFC
Done RFC 2486bis submitted as a Proposed Standard RFC
Done RFC 3576 MIBs submitted as an Informational RFC
Done RADIUS VLAN and Priority Attributes draft submitted as a Proposed
Standard RFC (reduced in scope)
Done RADIUS Implementation Issues and Fixes draft submitted as an
Informational RFC
Done RADIUS Filtering Attributes draft submitted as a Proposed Standard
RFC (split out from VLAN & Priority draft)
Done RFC 3576bis submitted as an Informational RFC (split out from Issues
& Fixes draft)
Done RADIUS Redirection Attributes draft submitted as a Proposed Standard
RFC (split out from VLAN & Priority draft)
Done RADIUS Design Guidelines submitted as a Best Current Practice RFC
Done RADIUS Management Authorization I-D submitted as a Proposed Standard
RFC
Done Reliable Transport Profile for RADIUS I-D submitted as a Proposed
Standard RFC
Done Status-Server I-D submitted as a Proposed Standard RFC
Done RADIUS Crypto-agility Requirements submitted as an Informational RFC
Done RADSEC (RADIUS over TCP/TLS) draft submitted as an Experimental RFC
Dec 2012 IPv6 Access I-D submitted as a Proposed Standard RFC
Dec 2012 RFC 4282bis submitted as a Proposed Standard RFC
Dec 2012 Extended Attributes I-D submitted as a Proposed Standard RFC
Dec 2012 Dynamic Discovery I-D submitted as a Proposed Standard RFC
Dec 2012 IEEE 802 Attributes I-D submitted as a Proposed Standard RFC
Jan 2013 RADIUS over DTLS I-D submitted as an Experimental RFC
Feb 2013 RADIUS packet fragmentation submitted as an Experimental RFC

Milestones:
  Done     - Updates to RFC 2618-2621 RADIUS MIBs submitted for
publication
  Done     - SIP RADIUS authentication draft submitted as a Proposed
Standard RFC
  Done     - RFC 2486bis submitted as a Proposed Standard RFC
  Done     - RFC 3576 MIBs submitted as an Informational RFC
  Done     - RADIUS VLAN and Priority Attributes draft submitted as a
Proposed Standard RFC (reduced in scope)
  Done     - RADIUS Implementation Issues and Fixes draft submitted as an
Informational RFC
  Done     - RADIUS Filtering Attributes draft submitted as a Proposed
Standard RFC (split out from VLAN & Priority draft)
  Done     - RFC 3576bis submitted as an Informational RFC (split out
from Issues & Fixes draft)
  Done     - RADIUS Redirection Attributes draft submitted as a Proposed
Standard RFC (split out from VLAN & Priority draft)
  Done     - RADIUS Design Guidelines submitted as a Best Current
Practice RFC
  Done     - RADIUS Management Authorization I-D submitted as a Proposed
Standard RFC
  Done     - Reliable Transport Profile for RADIUS I-D submitted as a
Proposed Standard RFC
  Done     - Status-Server I-D submitted as a Proposed Standard RFC
  Dec 2010 - IPv6 Access I-D submitted as a Proposed Standard RFC
  Mar 2011 - RADIUS over DTLS I-D submitted as an Experimental RFC
  Mar 2011 - RADSEC (RADIUS over TCP/TLS) draft submitted as an
Experimental RFC
  Mar 2011 - RADIUS Crypto-agility Requirements submitted as an
Informational RFC
  Jun 2011 - Extended Attributes I-D submitted as a Proposed Standard RFC
  Oct 2011 - IEEE 802 Attributes I-D submitted as a Proposed Standard RFC
  Oct 2011 - Dynamic Discovery I-D submitted as a Proposed Standard RFC



WG Action Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: radext WG <radext@ietf.org> 
Subject: WG Action: Rechartered RADIUS EXTensions (radext)

The RADIUS EXTensions (radext) working group in the Operations and
Management Area of the IETF has been rechartered. For additional
information please contact the Area Directors or the WG Chairs.

RADIUS EXTensions (radext)
------------------------------------------------
Current Status: Active Working Group

Chairs:
  Jouni Korhonen <jouni.nospam@gmail.com>
  Mauricio Sanchez <mauricio.sanchez@hp.com>

Technical advisors:
  Paul Congdon <paul.congdon@hp.com>

Assigned Area Director:
  Benoit Claise <bclaise@cisco.com>

Mailing list
  Address: radext@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/radext
  Archive: http://www.ietf.org/mail-archive/web/radext/

Charter of Working Group:

The RADIUS Extensions Working Group will focus on extensions to the 
RADIUS protocol required to expand and enrich the standard attribute 
space, address  cryptographic algorithm agility, use of new secure 
transports and clarify its usage and definition.

In order to maintain interoperation of heterogeneous RADIUS/Diameter 
deployments, all RADEXT WG work items except those that just define new 
attributes MUST contain a Diameter compatibility section, outlining how 
interoperability with Diameter will be maintained.

Furthermore, to ensure backward compatibility with existing RADIUS  
implementations, as well as compatibility between RADIUS and Diameter, 
the following restrictions are imposed on extensions considered by the 
RADEXT WG:

- All documents produced MUST specify means of interoperation with 
legacy RADIUS and, if possible, be backward compatible with existing 
RADIUS RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580, 
4668-4673,4675, 5080, 5090, 5176 and 6158. Transport profiles should, if 
possible, be compatible with RFC 3539.

Work Items
The immediate goals of the RADEXT working group are to address the 
following issues:

- RADIUS attribute space extension. The standard RADIUS attribute space 
is currently being depleted. This document will provide additional 
standard attribute space, while maintaining backward compatibility with 
existing attributes.

- IEEE 802 attributes. New attributes have been proposed to support IEEE 
802 standards for wired and wireless LANs. This work item will support 
authentication, authorization and accounting attributes needed by IEEE 
802 groups including IEEE 802.1, IEEE 802.11 and IEEE 802.16.

- New RADIUS transports. A reliable transport profile for RADIUS will be 
developed, as well as specifications for Secure transports, including 
TCP/TLS (RADSEC) and UDP/DTLS.

- Update and clarification of Network Access Identifiers (RFC4282). This 
work item will correct and clarify issues present with RFC4282 in two 
phases.  In first phase, RFC4282bis will be issued to eliminate 
fundamental incompatibilities with RADIUS around character encoding and 
NAI modifications by proxies.  In second phase, a fresh review of NAI 
internationalization requirements and behavior will be undertaken with a 
clear goal of maintaining compatibility with RADIUS.

- Fragmentation of RADIUS packets to support exchanges exceeding the 
existing 4KB limit imposed by RFC 2865.



Milestones:
  Done     - Updates to RFC 2618-2621 RADIUS MIBs submitted for
publication
  Done     - SIP RADIUS authentication draft submitted as a Proposed
Standard RFC
  Done     - RFC 2486bis submitted as a Proposed Standard RFC
  Done     - RFC 3576 MIBs submitted as an Informational RFC
  Done     - RADIUS VLAN and Priority Attributes draft submitted as a
Proposed Standard RFC (reduced in scope)
  Done     - RADIUS Implementation Issues and Fixes draft submitted as an
Informational RFC
  Done     - RADIUS Filtering Attributes draft submitted as a Proposed
Standard RFC (split out from VLAN & Priority draft)
  Done     - RFC 3576bis submitted as an Informational RFC (split out
from Issues & Fixes draft)
  Done     - RADIUS Redirection Attributes draft submitted as a Proposed
Standard RFC (split out from VLAN & Priority draft)
  Done     - RADIUS Design Guidelines submitted as a Best Current
Practice RFC
  Done     - RADIUS Management Authorization I-D submitted as a Proposed
Standard RFC
  Done     - Reliable Transport Profile for RADIUS I-D submitted as a
Proposed Standard RFC
  Done     - Status-Server I-D submitted as a Proposed Standard RFC
  Done     - RADSEC (RADIUS over TCP/TLS) draft submitted as an
Experimental RFC
  Done     - RADIUS Crypto-agility Requirements submitted as an
Informational RFC
  Dec 2012 - IPv6 Access I-D submitted as a Proposed Standard RFC
  Dec 2012 - RFC 4282bis submitted as a Proposed Standard RFC
  Dec 2012 - Extended Attributes I-D submitted as a Proposed Standard RFC
  Dec 2012 - Dynamic Discovery I-D submitted as a Proposed Standard RFC
  Dec 2012 - IEEE 802 Attributes I-D submitted as a Proposed Standard RFC
  Jan 2013 - RADIUS over DTLS I-D submitted as an Experimental RFC
  Feb 2013 - RADIUS packet fragmentation submitted as an Experimental RFC



Ballot Announcement