1

RADIUS Attribute Harmonization and Informational guidelines for

PWLAN

Farid AdrangiFarid AdrangiIntel CorporationIntel Corporation

( farid.adrangi@intel.com )( farid.adrangi@intel.com )

2

RADIUS Attributes Harmonization for PWLAN

• Motivation– RADIUS is a key component for successful deployments of Public Wireless LAN

(PWLAN)– Additional attributes are needed for RADIUS AAA in Public Wireless LANs (PWLAN).– Common understanding and standardization of these attributes is needed among

various standard forum and groups (e.g., 3GPP, 3GPP2, WiFi Public Access, GSMA, IPDR)

– Prevent fragmentation and promote multi-vendor and multi-operator interoperability• Current attributes

– Location and operational ownership for PWLAN AN– Generic Application capability– Redirect – IP address type option capabilities– DNS Server IP address– Network Bandwidth Capabilities– Remote Destination IP address

• IETF draft – Draft-adrangi-RADIUS-Attributes-Extension-for-PWLAN-00.txt

3

RADIUS Informational Guidelines for PWLAN

• Rationale– Identify Required RADIUS RFCs for PWLAN– Identify required Attributes for PWLAN– Clarify usage model / interpretation of

attributes for PWLAN

• IETF draft draft will be submitted

4

Next Step

• IETF Review of currently proposed attributes– The draft is under revision - a revised version

will be submitted soon

• IETF guidelines on how we can expedite standardization of the attributes

5

Backup …

6

Location and Operational Ownership Attributes

• Rationale – Location aware billing – Location aware services– Location aware authentication– Easier integration into existing inter-operator billing systems

• Attributes – Access Network operator_name

• Globally unique and coordinated identifiers for operators • E.g. TADIG code, NCC and MNC codes, or Realm – switch able with prefix

escape codes (e.g. 00%REALM%…)– Access Network Location-name 

• Contains E.164 Country Code, Telephone Area Code, City, and Access Network Type

– Access Network Location-info  • Contains descriptive string about the hotspot to be printed into subscribers’

detailed bill

7

Generic RADIUS Application Capability Attribute

• Rationale– Enable a home RADIUS server to discover capabilities of a

RADIUS client – The capabilities indicate standard-based applications (e.g.,

existing dynamic authorization Extension to Remote [5], future prepaid accounting model, etc.)

• Attribute– Contains a comma-delimited list of URIs. – The URIs include a FQDN corresponding to the organization

responsible for the document or standard to which compliance is claimed.

For example:– www.ietf.org/rfc/3580;2548;2607– www.3GPP.org/Release6.

8

Redirect Attribute

• Rationale– Enables home network to redirect the

subscribers traffic to a specified server such as a web server. This feature is useful in situations such as replenishing a subscriber prepaid account etc.

• The attribute should be available to be sent in Access Accept and CoA.

9

IP Address Type Options Attribute

• Rationale– Specify whether a routable (public) or non-routable

(private) IP address should be assigned to a PWLAN client.

• Attribute– Used by Access Network (in Access-Request) to

indicate what IP address type options (private vs. public) are supported by an Access Network

– Used by a Home Network (in Access-Accept) to specify what type of IP address (private, public) must be assigned to the PWLAN subscriber.

10

Network Bandwidth Rate Attributes

• Rationale– Enable home network to specify network bandwidth

range (min, max) to be used for a PWLAN subscriber

• Attribute(s)– Used (by Access Network) to indicate available

Network bandwidth. – Used (by home network) to specify the desired

network bandwidth rates (min, max) for a PWLAN subscriber

– Used for accounting purposes

11

Support for Specifying DNS server Address

• Rationale– Specify the DNS server IP address to be used

by PWLAN subscriber.

• Attribute– Used (by home network) to specify a DNS

server IP address for a PWLAN subscriber

12

Remote IP services Attribute

• Rationale– Enable a home network to restrict its subscribers

accessing to certain remote IP addresses based on their subscription profiles.

– Enable home network to audit remote IP addresses that its subscribers may connect to for accounting purposes.

• Attribute– Contains one or more IP addresses (IP address range

can be used), One or more port numbers