Authentication, Authorization, and Accounting (AAA) Goals for Mobile IPv6
RFC 5637

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    mext mailing list <mext@ietf.org>, 
    mext chair <mext-chairs@tools.ietf.org>
Subject: Document Action: 'AAA Goals for Mobile IPv6' to 
         Informational RFC 

The IESG has approved the following document:

- 'AAA Goals for Mobile IPv6'
   <draft-ietf-mext-aaa-ha-goals-01.txt> as an Informational RFC

This document is the product of the Mobility EXTensions for IPv6 Working 
Group. 

The IESG contact persons are Jari Arkko and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-mext-aaa-ha-goals-01.txt

Technical Summary

 Mobile IPv6 provides the basic IP mobility functionality for
 IPv6.  When Mobile IPv6 is used in tightly managed environments with
 the use of the AAA (Authentication, Authorization and Accounting)
 infrastructure, an interface between Mobile IPv6 and AAA protocols
 needs to be defined.  Also, two scenarios for bootstrapping Mobile
 IPv6 service, i.e., split and integrated scenarios,
 require the specification of a message exchange between the HA and
 AAA infrastructure for authentication and authorization purposes and
 a message exchange between the AAA server and the NAS in order to
 provide the visited network with the necessary configuration
 information (e.g.  Home Agent address).

 This document describes various scenarios where a AAA interface is
 required.  Additionally, it lists design goals and requirements for
 the communication between the HA and the AAA server and the NAS and
 the AAA server needed in the split and integrated scenarios.
 Requirements are listed in case either IPsec or RFC 4285 is used
 for Mobile IPv6 authentication.

 This document only describes requirements, goals and scenarios.  It
 does not provide solutions. 

Working Group Summary

 This is a product of the MEXT WG.

Document Quality

  The document does not specify a protocol but a set
  of goals. As such there is no implementation of it, nor
  plans to implement it. There was, however, a strong
  expression of interest in this document from the DIME
  WG which this document is an input to.

  There was a thorough review of the document from Hannes
  Tschofenig. 

Personnel

       The document shepherd is Marcelo Bagnulo.
       The responsible AD is Jari Arkko.

RFC Editor Note

In the abstract, change
s/AAA/Authentication, Authorization, and Accounting (AAA)/

In section 4.2, change:
s/AAAH/AAAH (AAA server in Home network)/

In Section 4.1

s/vailidity/validity/

In Section 4.2

s/The Home Agent can the assigned/The Home Agent can be assigned/

Also, make the following change:
 OLD:
 G4.4  The HA SHOULD be able to request the AAAH server to
     authenticate the MN with the value in the MN-AAA Mobility Message
     Authentication Option.

 NEW:
 G4.4  The HA supporting the Authentication Protocol MUST be able
      to request the AAAH server to authenticate the MN with the value
      in the MN-AAA Mobility Message Authentication Option.

and the following:
 OLD:
 G6.3  The ASP/MSP SHOULD be able to indicate to the MSA if it can
     allocate a Home Agent to the MN.  Therefore the NAS SHOULD be able
     to include suggested HA address in the ASP in the NAS - AAA
     interaction.
 NEW:
 G6.3  The ASP/MSP supporting the allocation of a Home Agent MUST be
     able to indicate to the MSA if it can
     allocate a Home Agent to the MN.  Therefore the NAS MUST be able
     to include suggested HA address in the ASP in the NAS - AAA
     interaction.

and finally, in Section 5.5, change:
 OLD:
 The AAAH SHOULD be able to indicate to the HA if the MN is
 authorized to autoconfigure its Home Address.
 NEW:
 The AAAH SHOULD be able to indicate to the HA if the MN is
 authorized to autoconfigure its Home Address.
 If the AAAH does not indicate to the HA if a MN is authorized to 
 autoconfigure its address, the MN is not authorized.