To send the values configured in this profile to clients, you must associate this profile with an advertisement profile, then associate the advertisement profile with a hotspot 2. Name of the NAI realm. The specified authentication ID uses credential authentication.
|Published (Last):||16 February 2017|
Lior, Bridgewater Systems
J. Korhonen, Teliasonera
J. Loughney, Nokia
January

Chargeable User Identity

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements.
Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

This attribute can be used by a home network to identify a user for the purpose of roaming transactions that occur outside of the home network.

In these methods, the User-Name(1) attribute contains an anonymous identity e.
While this mechanism is good practice in some circumstances, there are problems if local and intermediate networks require a surrogate identity to bind the current session. Chargeable-User-Identity can be used outside the home network in scenarios that traditionally relied on User-Name(1) to correlate a session to a user.
For example, local or intermediate networks may limit the number of simultaneous sessions for specific users; they may require a Chargeable-User-Identity in order to demonstrate willingness to pay or otherwise limit the potential for fraud. This implies that a unique identity provided by the home network should be able to be conveyed to all parties involved in the roaming transaction for correlating the authentication and accounting packets.
Providing a unique identity, Chargeable-User-Identity (CUI), to intermediaries is necessary to fulfill certain business needs. This should not undermine the anonymity of the user. The mechanism provided by this document allows the home operator to meet these business requirements by providing a temporary identity representing the user and at the same time protecting the anonymity of the user. When the home network assigns a value to the CUI, it asserts that this value represents a user in the home network.
The assertion should be temporary -- long enough to be useful for the external applications and not too long such that it can be used to identify the user. Missing elements include mechanisms for billing and fraud prevention. A chargeable identity reflecting the user profile by the home network is needed in such roaming scenarios.

Motivation

Some other mechanisms have been proposed in place of the CUI attribute.
These mechanisms are insufficient or cause other problems. However, in a complex global roaming environment where there could be one or more intermediaries between the NAS [ RFC ] and the home RADIUS server, the use of aforementioned attributes could lead to problems as described below. Additionally, there could be multiple Class attributes in a RADIUS packet, and since the contents of the Class(25) attribute are not to be interpreted by clients, this makes it hard for the entities outside the home network to determine which one contains the CUI.
On the other hand, rewriting of a User-Name(1) attribute sent within an Access-Accept packet occurs more rarely, since a Proxy-State(33) attribute can be used to route the Access-Accept packet without parsing the User-Name(1) attribute. The result is that when a User-Name(1) attribute is sent in an Access-Accept packet, it is possible that the Access-Request packet and Accounting-Request packets will follow different paths.
The CUI therefore provides a standard approach to billing and fraud prevention when EAP methods supporting privacy are used. It does not solve all related problems, but does provide for billing and fraud prevention.
Typically, the CUI represents the identity of the actual user, but it may also indicate other chargeable identities such as a group of users. And, during

The Access-Request may be sent either in the initial authentication or during re-authentication. This string value is a reference to a particular user. The binding lifetime of the reference to the user is determined based on business agreements.
For example, the lifetime can be set to one billing period. In cases where the

Attribute Table

The following table provides a guide to which attribute(s) may be found in which kinds of packets, and in what quantity.

Diameter Consideration

Diameter needs to define an identical attribute with the same Type value.

CUI 89

6. Security Considerations

It is strongly recommended that the CUI format used is such that the real user identity is not revealed. Furthermore, where a reference is used to a real user identity, it is recommended that the binding lifetime of that reference to the real user be kept as short as possible.
However, there is no way to detect or prevent this. Attempting theft of service, a man-in-the-middle may try to insert, modify, or remove the CUI in the Access-Accept packets and Accounting packets.
IETF RFC 4282 PDF
Configuring ANQP NAI Realm Profiles

Select an existing profile from the list of profiles on the profile details pane or create a new profile by entering a profile name into the entry blank, then clicking Add. Configure the following parameters as desired, then click Apply. For details, see Configuring Hotspot Advertisement Profiles.

The realm name is often the domain name of the service provider.

EAP Method — Notification. Reserved for Future use. The hotspot realm uses EAP Notification messages for authentication.
EAP Method — Identity.
EAP Method — Crypto-card.
Credential — Hardware Token.
This document defines the syntax for the Network Access Identifier (NAI), the user identifier submitted by the client prior to accessing resources. This document is a revised version of RFC. It addresses issues with international character sets and makes a number of other corrections to RFC. It represents the consensus of the IETF community.