Session Authorization Policy Element
RFC 3520
| Field | Value |
|---|---|
| Document type | RFC - Proposed Standard (April 2003; No errata) |
| Authors | Louis Hamer, Hugh Shieh, Brett Kosinski, Bill Gage |
| Last updated | 2015-10-14 |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 3520 (Proposed Standard) |
| Action holders | (None) |
| Consensus boilerplate | Unknown |
| Responsible AD | Bert Wijnen |
| IESG note | published as RFC3520 |
| Send notices to | (None) |
Network Working Group                                         L-N. Hamer
Request for Comments: 3520                                       B. Gage
Category: Standards Track                                Nortel Networks
                                                             B. Kosinski
                                                     Invidi Technologies
                                                                H. Shieh
                                                           AT&T Wireless
                                                              April 2003

                  Session Authorization Policy Element

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document describes the representation of a session authorization
   policy element for supporting policy-based per-session authorization
   and admission control.  The goal of session authorization is to allow
   the exchange of information between network elements in order to
   authorize the use of resources for a service and to co-ordinate
   actions between the signaling and transport planes.

   This document describes how a process on a system authorizes the
   reservation of resources by a host and then provides that host with a
   session authorization policy element which can be inserted into a
   resource reservation protocol (e.g., the Resource ReSerVation Protocol
   (RSVP) PATH message) to facilitate proper and secure reservation of
   those resources within the network.  We describe the encoding of
   session authorization information as a policy element conforming to
   the format of a Policy Data object (RFC 2750) and provide details
   relating to operations, processing rules and error scenarios.

Hamer, et al.               Standards Track                     [Page 1]

RFC 3520            Session Authorization Policy Element      April 2003

Table of Contents

   1.  Conventions used in this document..............................3
   2.  Introduction...................................................3
   3.  Policy Element for Session Authorization.......................4
       3.1  Policy Data Object Format..................................4
       3.2  Session Authorization Policy Element.......................4
       3.3  Session Authorization Attributes...........................4
            3.3.1  Authorizing Entity Identifier..........................6
            3.3.2  Session Identifier.....................................7
            3.3.3  Source Address.........................................7
            3.3.4  Destination Address....................................9
            3.3.5  Start time............................................10
            3.3.6  End time..............................................11
            3.3.7  Resources Authorized..................................11
            3.3.8  Authentication data...................................12
   4.  Integrity of the AUTH_SESSION policy element..................13
       4.1  Shared symmetric keys.....................................13
            4.1.1  Operational Setting using shared symmetric keys.......13
       4.2  Kerberos..................................................14
            4.2.1  Operational Setting using Kerberos....................15
       4.3  Public Key................................................16
            4.3.1  Operational Setting for public key based authentication.......................................16
                   4.3.1.1  X.509 V3 digital certificates.....................17
                   4.3.1.2  PGP digital certificates..........................17
   5.  Framework.....................................................18
       5.1  The coupled model.........................................18
       5.2  The associated model with one policy server...............18
       5.3  The associated model with two policy servers..............19
       5.4  The non-associated model..................................19
   6.  Message Processing Rules......................................20
       6.1  Generation of the AUTH_SESSION by the authorizing entity..20
       6.2  Message Generation (RSVP Host)............................20
       6.3  Message Reception (RSVP-aware Router).....................20
       6.4  Authorization (Router/PDP)................................21
   7.  Error Signaling...............................................22
   8.  IANA Considerations...........................................22
   9.  Security Considerations.......................................24
   10. Acknowledgments...............................................24