RADIUS EXTensions (radext)
--------------------------

 Charter
 Last Modified: 2007-05-21

 Current Status: Active Working Group

 Chair(s):
     Bernard Aboba
     David Nelson

 Operations and Management Area Director(s):
     Dan Romascanu
     Ronald Bonica

 Operations and Management Area Advisor:
     Dan Romascanu

 Technical Advisor(s):
     Paul Congdon

 Mailing Lists:
     General Discussion: radiusext@ops.ietf.org
     To Subscribe:       radiusext-request@ops.ietf.org
         In Body:        subscribe
     Archive:            https://ops.ietf.org/lists/radiusext

Description of Working Group:

The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol required to enable its use in applications such as IP
telephony and Local Area Network authentication, authorization and
accounting.

The IETF has recently completed work on the Diameter Base protocol. In
order to support the deployment of Diameter, and enable interoperation
of heterogeneous RADIUS/Diameter deployments, all RADEXT WG work items
MUST contain a Diameter compatibility section, outlining how
interoperability with Diameter will be maintained.

Furthermore, to ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
the following restrictions are imposed on extensions considered by the
RADEXT WG:

- All RADIUS work MUST be backward compatible with existing RADIUS
  RFCs, including RFCs 2618-2621, 2865-2869, 3162, 3575, 3576, 3579,
  and 3580.

- All RADIUS work MUST be compatible with equivalent facilities in
  Diameter. Where possible, new attributes should be defined so that
  the same attribute can be used in both RADIUS and Diameter without
  translation. In other cases a translation considerations section
  should be included in the specification.

- No new RADIUS transports (e.g. TCP, SCTP) will be defined.

- No new security mechanisms will be defined for protecting RADIUS.

- No new commands will be defined.

Work Items

The immediate goals of the RADEXT working group are to address the
following issues:

- RADIUS design guidelines. This document will provide guidelines for
  design of RADIUS attributes. It will specifically consider how
  complex data types may be introduced in a robust manner, maintaining
  backwards compatibility with existing RADIUS RFCs, across all the
  classes of attributes: Standard, Vendor-Specific and SDO-Specific.
  In addition, it will review RADIUS data types and associated
  backwards compatibility issues.

- RADIUS implementation issues and fixes. This document will address
  common RADIUS implementation issues and describe proposed solutions.

- Revised NAI specification. This document, known as "RFC 2486bis"
  will revise the NAI specification to correct known errors, add
  support for privacy and internationalization, and provide more
  details on routing.

- Pre-paid support. Prepaid services are contemplated in a number of
  potential applications, including wireless LAN access and IP
  telephony. In order to enable support of pre-paid services in an
  interoperable way, the WG will provide definitions of the attributes
  required to support operator service models for pre-paid, as
  documented in liaison communications. This document will include
  within it a specification for interoperation with Diameter Credit
  Control.

- SIP support. RADIUS is currently used for SIP authentication,
  authorization and accounting. Standardization of these attributes
  will enable improved interoperability. This document will be upwards
  compatible with the Diameter SIP application, and conform to
  existing IETF RFCs on HTTP Digest, including RFC 2617, 3261, and
  3310.

- LAN attributes. New attributes have been proposed to enable use of
  authentication, authorization and accounting in wired and wireless
  LANs. Standardization of these attributes will enable improved
  interoperability.

- RADIUS MIB update. RFC 2618-2621 lack IPv6 compatibility, and modest
  changes are required to address this issue. MIBs for RFC 3576 are
  also needed.

Goals and Milestones:

  Done      Updates to RFC 2618-2621 RADIUS MIBs submitted for
            publication
  Done      SIP RADIUS authentication draft submitted as a Proposed
            Standard RFC
  Done      RFC 2486bis submitted as a Proposed Standard RFC
  Done      RFC 3576 MIBs submitted as an Informational RFC
  Done      RADIUS VLAN and Priority Attributes draft submitted as a
            Proposed Standard RFC (reduced in scope)
  Jun 2006  RADIUS Design Guidelines and Extended Attributes drafts
            WGLC
  Jun 2006  WLAN Attributes draft submitted as a Proposed Standard RFC
  Sep 2006  RADIUS Implementation Issues and Fixes draft submitted as
            an Informational RFC
  Oct 2006  RADIUS Design Guidelines submitted as a Best Current
            Practice RFC
  Oct 2006  RADIUS Extended Attributes submitted as a Proposed
            Standard RFC (split out from Design Guidelines draft)
  Oct 2006  RADIUS Filtering Attributes draft submitted as a Proposed
            Standard RFC (split out from VLAN & Priority draft)
  Nov 2006  RFC 3576bis submitted as an Informational RFC (split out
            from Issues & Fixes draft)
  Dec 2006  RADIUS Redirection Attributes draft submitted as a
            Proposed Standard RFC (split out from VLAN & Priority
            draft)
  Dec 2006  RADIUS Crypto-agility draft (e.g. FIPS 140-2 compliance
            for RADIUS) submitted as a Proposed Standard RFC (split
            out from WLAN attributes draft)
  Dec 2006  RADIUS Prepaid draft submitted as a Proposed Standard RFC

Internet-Drafts:

  Posted    Revised   I-D Title
  --------  --------  --------------------------------------------
  Feb 2006  Mar 2007  RADIUS Attributes for Filtering and Redirection
  Jan 2007  Mar 2007  RADIUS Extension for Digest Authentication
  Jan 2007  Apr 2007  Common RADIUS Implementation Issues and
                      Suggested Fixes
  Jan 2007  May 2007  Dynamic Authorization Extensions to Remote
                      Authentication Dial In User Service (RADIUS)

Request For Comments:

  RFC      Stat      Published  Title
  -------  --------  ---------  ------------------------------------
  RFC4282  Standard  Dec 2005   The Network Access Identifier
  RFC4372  Standard  Jan 2006   Chargeable User Identity
  RFC4590  PS        Jul 2006   RADIUS Extension for Digest
                                Authentication
  RFC4670  I         Aug 2006   RADIUS Accounting Client MIB for IPv6
  RFC4671  I         Aug 2006   RADIUS Accounting Server MIB for IPv6
  RFC4669  PS        Aug 2006   RADIUS Authentication Server MIB for
                                IPv6
  RFC4668  PS        Aug 2006   RADIUS Authentication Client MIB for
                                IPv6
  RFC4675  PS        Sep 2006   RADIUS Attributes for Virtual LAN and
                                Priority Support
  RFC4673  I         Sep 2006   RADIUS Dynamic Authorization Server
                                MIB
  RFC4672  I         Sep 2006   RADIUS Dynamic Authorization Client
                                MIB
  RFC4818  PS        Apr 2007   RADIUS Delegated-IPv6-Prefix Attribute
  RFC4849  PS        Apr 2007   RADIUS Filter Rule Attribute