Session Authorization Policy Element
RFC 3520
Document Type RFC - Proposed Standard (April 2003; No errata)
Authors Louis Hamer  , Hugh Shieh  , Brett Kosinski  , Bill Gage 
Last updated 2015-10-14
Stream Internent Engineering Task Force (IETF)
Formats plain text html pdf htmlized (tools) htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3520 (Proposed Standard)
Action Holders
(None)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Bert Wijnen
IESG note published as RFC3520
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                         L-N. Hamer
Request for Comments: 3520                                       B. Gage
Category: Standards Track                                Nortel Networks
                                                             B. Kosinski
                                                     Invidi Technologies
                                                                H. Shieh
                                                           AT&T Wireless
                                                              April 2003

                 Session Authorization Policy Element

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document describes the representation of a session authorization
   policy element for supporting policy-based per-session authorization
   and admission control.  The goal of session authorization is to allow
   the exchange of information between network elements in order to
   authorize the use of resources for a service and to co-ordinate
   actions between the signaling and transport planes.  This document
   describes how a process on a system authorizes the reservation of
   resources by a host and then provides that host with a session
   authorization policy element which can be inserted into a resource
   reservation protocol (e.g., the Resource ReSerVation Protocol (RSVP)
   PATH message) to facilitate proper and secure reservation of those
   resources within the network.  We describe the encoding of session
   authorization information as a policy element conforming to the
   format of a Policy Data object (RFC 2750) and provide details
   relating to operations, processing rules and error scenarios.

Hamer, et al.               Standards Track                     [Page 1]
RFC 3520          Session Authorization Policy Element        April 2003

Table of Contents

   1. Conventions used in this document..............................3
   2. Introduction...................................................3
   3. Policy Element for Session Authorization.......................4
      3.1 Policy Data Object Format..................................4
      3.2 Session Authorization Policy Element.......................4
      3.3 Session Authorization Attributes...........................4
        3.3.1 Authorizing Entity Identifier..........................6
        3.3.2 Session Identifier.....................................7
        3.3.3 Source Address.........................................7
        3.3.4 Destination Address....................................9
        3.3.5 Start time............................................10
        3.3.6 End time..............................................11
        3.3.7 Resources Authorized..................................11
        3.3.8 Authentication data...................................12
   4. Integrity of the AUTH_SESSION policy element..................13
      4.1 Shared symmetric keys.....................................13
        4.1.1 Operational Setting using shared symmetric keys.......13
      4.2 Kerberos..................................................14
        4.2.1. Operational Setting using Kerberos...................15
      4.3 Public Key................................................16
        4.3.1. Operational Setting for public key based
               authentication.......................................16
          4.3.1.1 X.509 V3 digital certificates.....................17
          4.3.1.2 PGP digital certificates..........................17
   5. Framework.....................................................18
      5.1 The coupled model.........................................18
      5.2 The associated model with one policy server...............18
      5.3 The associated model with two policy servers..............19
      5.4 The non-associated model..................................19
   6. Message Processing Rules......................................20
      6.1 Generation of the AUTH_SESSION by the authorizing entity..20
      6.2 Message Generation (RSVP Host)............................20
      6.3 Message Reception (RSVP-aware Router).....................20
      6.4 Authorization (Router/PDP)................................21
   7. Error Signaling...............................................22
   8. IANA Considerations...........................................22
   9. Security Considerations.......................................24
   10. Acknowledgments..............................................24
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools