Mobile IP Working Group                                     F. Johansson
Internet-Draft                                               ipUnplugged
Expires: March 19, May 31, 2004                                       T. Johansson
                                                              Bytemobile
                                                      September 19,
                                                        December 1, 2003

     Mobile IPv4 Extension for AAA carrying Network Access Identifiers
                        draft-ietf-mip4-aaa-nai-00.txt
                    <draft-ietf-mip4-aaa-nai-01.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress." progress".

   The list of current Internet-Drafts can be accessed at http://
   www.ietf.org/ietf/1id-abstracts.txt.
   www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on March 19, May 31, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

   When a mobile node moves between two foreign networks it has to be
   reauthenticated.
   re-authenticated. If for instance the home network has multiple
   Authentication Authorization and Accounting (AAA) servers the reauthentication
   re-authentication request may not be received by the same Home AAA
   server as previous authentication requests.  In order for the new
   Home AAA server to be able to forward the request to the correct Home
   Agent it has to know the identity of the Home Agent. This document
   defines a Mobile IP extension that enables carries identities in the form of
   Network Access Identifiers (NAIs), which may be used by an HA to pass
   its identity to the mobile node which can then pass it on to the new
   AAA server when changing point of attachment. This extension may also
   be used in other situations requiring communication of a NAI between
   Mobile IP nodes.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3

   2.  Requirements terminology . . . . . . . . . . . . . . . . . . .  3

   3.  AAA  NAI Carrying Extension . . . . . . . . . . . . . . . . . . . . . .  4
         3.1 Processing of the AAA NAI Carrying Extension . . . . . . . . . .  5

   4.  HA Identity subtype  . . . . . . . . . . . . . . . . . . . . .  5

   5.  AAAH Identity subtype  . . . . . . . . . . . . . . . . . . . .  6

   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  6

   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  7

   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  7

       Normative References . . . . . . . . . . . . . . . . . . . . .  7

       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . .  8

       Intellectual Property and Copyright Statements . . . . . . . .  9

1. Introduction

   When building networks one would like to be able to have redundancy.
   In order to achieve this, one might place multiple AAA servers in one
   domain. When a mobile node registers via a visited network the
   authentication will be handled by one of the AAA servers in the home
   domain. At a later point, when the mobile node moves to another
   visited domain it again has to be authenticated. However, due to the
   redundancy offered by the AAA protocol, it can not be guaranteed that
   the authentication will be handled by the same AAAH server as the
   previous one which can result in the new AAAH not knowing which HA
   the session was assigned to. This document defines a Mobile IP
   extension which can be used to distribute the information needed to
   resolve this.

   To solve this the home agent MUST include the NAI of the AAAH server
   in the registration reply message, which the mobile node then MUST
   include in every subsequent registration request sent to a foreign
   agent when changing point of attachment.

   Furthermore, the only information that is normally available about
   the home agent in the registration request is the IP address as
   defined in RFC 3344 [1]. This is unfortunately not enough, since the
   AAA infrastructure needs to know the FQDN identity of the home agent
   to be able to correctly handle the assignment of home agent. A
   reverse DNS lookup would only disclose the identity of the Mobile IP
   interface for that HA IP address, which may or may not have a
   one-to-one correspondence with the home agent FQDN identity. This is
   the reason why the HA also includes its own identity in the
   registration reply. It can then be included by the mobile node in the
   coming registration requests when changing point of attachment.

2. Requirements terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [4].

   The Mobile IP related terminology described in RFC 3344 [1] is used
   in this document.  In addition, the following terms are used:

   AAAH
      One of possible several AAA Servers in the Home Network

   FQDN
      Fully Qualified Domain Name.

   Identity
      The identity of a node is equal to its FQDN.

   NAI
      Network Access Identifier [2].

3. AAA NAI Carrying Extension

   This section defines the AAA NAI Carrying Extension which may be carried used in
   Mobile IP Registration Request and Reply messages messages, and also in Mobile
   IP Agent Advertisements [1]. The extension may be used by any node
   that wants to send identity information in the form of a NAI [3].
   This document also defines some subtype numbers which identify the
   specific type of NAI as a HA identity carried, in Section 4 and a Home AAA identity,
   respectively. Section 5.  It is
   expected that other types of NAI will be defined by other documents
   in the future.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |   Length      |   Sub-Type    |    NAI ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

            (Type to be assigned by IANA) (skippable) [1]

   Length   8-bit unsigned integer. Length of the extension, in octets,
            excluding the extension Type and the extension Length
            fields.  This field MUST be set to 1 plus the total length
            of the NAI field.

   Sub-Type This field describes the particular type of the entity NAI which owns is
            carried in the
            NAI.  The following subtypes are defined:

            1    HA Identity NAI (Section 4)

            2    AAAH Identity NAI (Section 5) field.

   NAI      Contains the NAI [2] in a string format.

3.1 Processing of the AAA NAI Carrying Extension

   When a mobile node or home agent adds a AAA NAI extension Carrying Extension to a
   registration message, the extension MUST appear prior to any
   authentication extensions.

   In the event the foreign agent adds an AAA a NAI extension Carrying Extension to a
   registration message, the extension MUST appear prior to any
   authentication extensions added by the FA.

   If an HA has appended an AAA a NAI extension Carrying Extension to a Registration
   Reply to an MN, and does not receive the NAI extension in subsequent
   Registration Request messages from the MN, the HA can assume that the
   MN does not understand this NAI extension.  In this case, the HA
   SHOULD NOT append this NAI extension to further Registration Reply
   messages to the MN.

4. HA Identity subtype

   The HA identity uses subtype 1 of the AAA NAI Carrying Extension.  It
   contains the NAI of the HA in the form hostname@realm.  Together the
   hostname and realm forms the complete FQDN (hostname.realm) of the
   HA.

   The

   A Home Agent using this extension MUST provide this it in the first
   Registration Reply sent to the a Mobile Node destined through the AAA infrastructure. which is not currently
   registered.  The extension only need to be included in subsequent
   Registration Replies if the same extension is included in
   Registration Requests received from the same Mobile Node.

   A mobile node that recieves using this extension MUST, if it receives in a
   registration reply
   message MUST message, provide it in every subsequent
   registration request when re-authentication is needed. If the mobile
   node requests a specific home agent and it has the information
   available it MUST provide this extension in its initial registration
   request.

   A foreign agent which receives the Home Agent NAI by this extension
   in a registration request SHOULD include the Home Agent NAI when
   requesting Mobile Node authentication through the AAA infrastructure
   if the AAA protocol used can carry the information.

5. AAAH Identity subtype

   The AAAH identity uses subtype 2 of the AAA NAI Carrying Extension. It
   contains the NAI of the home AAA server in the form hostname@realm.
   Together the hostname and realm forms the complete FQDN
   (hostname.realm) of the home AAA server.

   If there exists several AAA servers in the Home Network, the a Home Agent
   providing AAAH selection support according to this document MUST
   provide this the AAAH identity in the first Registration Reply sent to the
   Mobile Node. The extension only need to be included in subsequent
   Registration Replies if the same extension is included in
   Registration Requests received from the same Mobile Node.

   A mobile node MUST always save the latest AAAH Identity received in a
   registration reply message and MUST provide the AAAH Identity in
   every registration request sent when re-authenticating.

   A foreign agent which receives the AAAH NAI by this extension in a
   registration request SHOULD include the AAAH NAI provided when
   requesting Mobile Node authentication through the AAA infrastructure
   if the AAA protocol used can carry the information.

6. Security Considerations

   This specification introduces new Mobile IP extensions that are used
   to carry mobility agent and AAA server identities, in the form of
   Network Access Identifiers.  It is assumed that the  The Mobile IP messages that would carry these extensions would this
   extension MUST be authenticated in
   the manner that is as described in [4], or any follow-on [3], unless other
   authentication
   mechanisms. methods have been agreed upon. Therefore, this
   specification does not lessen the security of Mobile IP messages.

   It should be noted that the identities sent in the extensions
   specified herein MAY be sent in the clear over the network.  However,
   the authors do not envision that this information would create any
   security issues.

7. IANA Considerations

   This document defines one new mobile IP extension, and one new Mobile
   IP extension sub-type numbering space to be managed by IANA.

   Section 3 defines a new Mobile IP extension, the Mobile IP AAA NAI
   Carrying Extension.  The type number for this extension is [TBD,
   assigned by IANA].  This extension introduces a new sub-type
   numbering space where the values 1 and 2 has been assigned values in
   this document.  Approval of new Mobile IP AAA NAI Carrying Extension
   sub-type numbers is subject to Expert Review, and a specification is
   required [5].

   The content and format for this extension is not specific to AAA
   NAIs, so if in the future new NAIs are defined which does not
   strictly fall within the category of AAA NAIs, they may nevertheless
   be accommodated within the subtype numbering space defined for the
   NAI Carrying Extension defined in this document.

   The value assigned to the AAA NAI Carrying Extension should be taken from
   the IANA number space for Mobile IPv4 skippable extensions.

8. Acknowledgements

   Thanks to the original authors of the GNAIE draft, Mohamed M Khalil,
   Emad Qaddoura, Haseeb Akhtar, Pat R. Calhoun.  The original draft was
   removed from the MIP WG charter when no use was seen for the
   extension. The original ideas has been reused in this draft.

   Also thanks to Henrik Levkowetz and Kevin Purser for valuable
   feedback and help when writing this draft.

Normative References

   [1]  Perkins, C., "IP Mobility Support for IPv4", RFC 3344, August
        2002.

   [2]  Aboba, B. and M. Beadles, "The Network Access Identifier", RFC
        2486, January 1999.

   [3]  Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier
        Extension for IPv4", RFC 2794, March 2000.

   [4]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [5]  Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
        Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

Authors' Addresses

   Fredrik Johansson
   ipUnplugged AB
   Arenavagen 23
   Stockholm  S-121 28
   SWEDEN

   Phone: +46 8 725 5916
   EMail: fredrik@ipunplugged.com

   Tony Johansson
   Bytemobile Inc
   2029 Stierlin Court
   Mountain View, CA  94043
   USA

   Phone: +1 650 862 0523
   EMail: tony.johansson@bytemobile.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.