Network Working Group                                           S. Glass
Request for Comments: 2977                              Sun Microsystems
Category: Informational                                        T. Hiller
                                                     Lucent Technologies
                                                               S. Jacobs
                                                        GTE Laboratories
                                                              C. Perkins
                                                   Nokia Research Center
                                                            October 2000
Mobile IP Authentication, Authorization, and Accounting Requirements
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
The Mobile IP and Authentication, Authorization, Accounting (AAA)
working groups are currently looking at defining the requirements for
Authentication, Authorization, and Accounting. This document
contains the requirements which would have to be supported by a AAA
service to aid in providing Mobile IP services.
1. Introduction
Clients obtain Internet services by negotiating a point of attachment
to a "home domain", generally from an ISP, or other organization from
which service requests are made, and fulfilled. With the increasing
popularity of mobile devices, a need has been generated to allow
users to attach to any domain convenient to their current location.
In this way, a client needs access to resources provided by an
administrative domain different from its home domain (called a
"foreign domain"). The need for service from a foreign domain
requires, in many models, Authorization, which leads directly to
Authentication, and of course Accounting (whence, "AAA"). There is
some argument about which of these leads to, or is derived from, the
others, but there is common agreement that the three AAA functions are
closely interdependent.
Glass, et al. Informational [Page 1]
RFC 2977 Mobile IP AAA Requirements October 2000
An agent in a foreign domain, being called on to provide access to a
resource by a mobile user, is likely to request or require the client
to provide credentials which can be authenticated before access to
resources is permitted. The resource may be as simple as a conduit
to the Internet, or may be as complex as access to specific private
resources within the foreign domain. Credentials can be exchanged in
many different ways, all of which are beyond the scope of this
document. Once authenticated, the mobile user may be authorized to
access services within the foreign domain. An accounting of the
actual resources may then be assembled.
Mobile IP is a technology that allows a network node ("mobile node")
to migrate from its "home" network to other networks, either within
the same administrative domain, or to other administrative domains.
The possibility of movement between domains which require AAA
services has created an immediate demand to design and specify AAA
protocols. Once available, the AAA protocols and infrastructure will
provide the economic incentive for a wide-ranging deployment of
Mobile IP. This document will identify, describe, and discuss the
functional and performance requirements that Mobile IP places on AAA
protocols.
The formal description of Mobile IP can be found in [13,12,14,17].
In this document, we have attempted to exhibit requirements in a
progressive fashion. After showing the basic AAA model for Mobile
IP, we derive requirements as follows:
- requirements based on the general model
- requirements based on providing IP service for mobile nodes
- requirements derived from specific Mobile IP protocol needs
Then, we exhibit some related AAA models and describe requirements
derived from the related models.
2. Terminology
This document frequently uses the following terms in addition to
those defined in RFC 2002 [13]:
Accounting
The act of collecting information on resource usage
for the purpose of trend analysis, auditing, billing,
or cost allocation.
Administrative Domain
An intranet, or a collection of networks, computers,
and databases under a common administration.
Computer entities operating in a common
administration may be assumed to share
administratively created security associations.