Loading in 2 Seconds...
Loading in 2 Seconds...
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Session Policy Framework using EAPdraft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro
Overview • Service providers may have policies that apply to the media types, codecs etc negotiated for SIP sessions. • SIP WG has defined a session policy framework that defines a policy channel for mobile device to communicate with a policy server to obtain session policies during SIP session establishment and modification • Currently uses SIP Event Notification mechanism (RFC 3265) to realise the policy channel • SIP Event Notification mechanism is not appropriate for bandwidth constrained links. • It is proposed to have an alternative realisation of the policy channel using a new EAP TLV. This could be also be used for other more general non SIP applications where clients need to obtain policies from a server using EAP.
Solution • Perform initial EAP exchange. • Store keying material from exchange, together with relevant state information. • Re-use ERP • Encapsulate the Session Policy Exchanges within a TLV (e.g. Policy Request & Info Answer). • TLV is carried within ERP • Determine media authorization information, at L2, in parallel to AAA authentication. • Media authorization can be implemented more efficiently using EAP/ERP
Initialisation • (1) EAP Method Exchange (tunnel initialization) • An EAP exchange is performed between the mobile device and the initial network component (e.g. Packet Data Gateway) with the authentication messages being forwarded to the home network AAA server. A suitable EAP method is used to establish a tunnel (e.g. EAP-FAST), from which the relevant ERP key material is derived for subsequent use. • (2) SIP registration with PCCh • Although not a part of the layer 2 exchange, it is worth showing that SIP registration between the mobile device and the PCCh (home PCC) occurs at this point. Subsequent SIP level flows are not shown.
Mobile Device Triggered • (3) EAP-Initiate/Re-auth-Start • An ERP exchange is performed between the mobile device and the INC (e.g. Packet Data Gateway) with the authentication messages being forwarded to the home AAA server. • (4) ERP (Policy Request) • The policy request message is then transported within ERP (typically using a TLV) to the INC, and then forwarded (using Diameter) to the PCCh. • (5) Policy-h • At the home AAA server, the home network policy is determined for subsequent SIP sessions. • (6) AAA (Policy Request) • The home AAA server, then requests policy information from all visited networks PCCs, through which the SIP session will traverse, utilizing a AAA Policy Request message. • (7) AAA (Policy Response) • Each visited PCC will then return its network policy back to the home network, where the session policy document is compiled. • (8) ERP (Policy Response) • The session policy document is returned to the INC and is then encapsulated within ERP, before being returned to the mobile device.
Network Triggered • (9) AAA (Policy Change) • A visited PCC changes the session policy (most likely whilst the mobile device session is on-going) and indicates to the home network server that a policy change has occurred. • (10) AAA (Policy Change Event) • The home network server, sends an Event message to the INC (most likely within Diameter) • (11) EAP Initiate/Re-auth-Start • The INC then requests the mobile device to execute ERP. • Message flow continues, as described in (4) and (8).
Future Work • How exactly is the ERP payload carried in the network • Diameter? • Do these messages need to be encrypted? • Can the EAP/ERP credentials be tied to the SIP session? • Requirements on mobile device? • Password • Certificate • Username
Relevant Documents • EAP • draft-mccann-session-policy-framework-using-eap-00 • SIP • draft-ietf-sip-session-policy-framework-06 • draft-ietf-sipping-media-policy-dataset-07