RADIUS EXTensions (radext)

 Last Modified: 2007-05-21

 Current Status: Active Working Group

 Chair(s):
     Bernard Aboba  <Bernard_Aboba@hotmail.com>
     David Nelson  <d.b.nelson@comcast.net>

 Operations and Management Area Director(s):
     Dan Romascanu  <dromasca@avaya.com>
     Ronald Bonica  <rbonica@juniper.net>

 Operations and Management Area Advisor:
     Dan Romascanu  <dromasca@avaya.com>

 Technical Advisor(s):
     Paul Congdon  <paul.congdon@hp.com>

 Mailing Lists: 
     General Discussion: radiusext@ops.ietf.org
     To Subscribe:      radiusext-request@ops.ietf.org
         In Body:       subscribe
     Archive:           https://ops.ietf.org/lists/radiusext

Description of Working Group:

The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol required to enable its use in applications such as IP
telephony and Local Area Network authentication, authorization and

The IETF has recently completed work on the Diameter Base protocol. In
order to support the deployment of Diameter, and enable interoperation
of heterogeneous RADIUS/Diameter deployments, all RADEXT WG work items
MUST contain a Diameter compatibility section, outlining how
interoperability with Diameter will be maintained.

Furthermore, to ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
the following restrictions are imposed on extensions considered by the

- All RADIUS work MUST be backward compatible with existing RADIUS 
including RFCs 2618-2621, 2865-2869, 3162, 3575, 3576, 3579, and 3580.
- All RADIUS work MUST be compatible with equivalent facilities in
Diameter. Where possible, new attributes should be defined so that
the same attribute can be used in both RADIUS and Diameter without
translation. In other cases a translation considerations
section should be included in the specification.
- No new RADIUS transports (e.g. TCP, SCTP) will be defined.
- No new security mechanisms will be defined for protecting RADIUS.
- No new commands will be defined.

Work Items

The immediate goals of the RADEXT working group are to address the
following issues:

- RADIUS design guidelines. This document will provide guidelines for
design of RADIUS attributes. It will specifically consider how
complex data types may be introduced in a robust manner, maintaining
backwards compatibility with existing RADIUS RFCs, across all the
classes of attributes: Standard, Vendor-Specific and SDO-Specific.
In addition, it will review RADIUS data types and associated
backwards compatibility issues.

- RADIUS implementation issues and fixes. This document will address
common RADIUS implementation issues and describe proposed solutions.

- Revised NAI specification. This document, known as "RFC 2486bis"
will revise the NAI specification to correct known errors,
add support for privacy and internationalization, and provide
more details on routing.

- Pre-paid support. Prepaid services are contemplated in a number
of potential applications, including wireless LAN access and IP
telephony. In order to enable support of pre-paid services in
an interoperable way, the WG will provide definitions of the
attributes required to support operator service models for
pre-paid, as documented in liaison communications. This
document will include within it a specification for interoperation
with Diameter Credit Control.

- SIP support. RADIUS is currently used for SIP authentication,
authorization and accounting. Standardization of these attributes
will enable improved interoperability.

This document will be upwards compatible with the Diameter SIP
application, and conform to existing IETF RFCs on HTTP Digest,
including RFC 2617, 3261, and 3310.

- LAN attributes. New attributes have been proposed to enable use of
authentication, authorization and accounting in wired and
wireless LANs. Standardization of these attributes will enable
improved interoperability.

- RADIUS MIB update. RFC 2618-2621 lack IPv6 compatibility, and modest
changes are required to address this issue. MIBs for RFC 3576 are
also needed.

 Goals and Milestones:

   Done         Updates to RFC 2618-2621 RADIUS MIBs submitted for publication 

   Done         SIP RADIUS authentication draft submitted as a Proposed 
                Standard RFC 

   Done         RFC 2486bis submitted as a Proposed Standard RFC 

   Done         RFC 3576 MIBs submitted as an Informational RFC 

   Done         RADIUS VLAN and Priority Attributes draft submitted as a 
                Proposed Standard RFC (reduced in scope) 

   Jun 2006       RADIUS Design Guidelines and Extended Attributes drafts WGLC 

   Jun 2006       WLAN Attributes draft submitted as a Proposed Standard RFC 

   Sep 2006       RADIUS Implementation Issues and Fixes draft submitted as an 
                Informational RFC 

   Oct 2006       RADIUS Design Guidelines submitted as a Best Current Practice 

   Oct 2006       RADIUS Extended Attributes submitted as a Proposed Standard RFC 
                (split out from Design Guidelines draft) 

   Oct 2006       RADIUS Filtering Attributes draft submitted as a Proposed 
                Standard RFC (split out from VLAN & Priority draft) 

   Nov 2006       RFC 3576bis submitted as an Informational RFC (split out from 
                Issues & Fixes draft) 

   Dec 2006       RADIUS Redirection Attributes draft submitted as a Proposed 
                Standard RFC (split out from VLAN & Priority draft) 

   Dec 2006       RADIUS Crypto-agility draft (e.g. FIPS 140-2 compliance for 
                RADIUS) submitted as a Proposed Standard RFC (split out from 
                WLAN attributes draft) 

   Dec 2006       RADIUS Prepaid draft submitted as a Proposed Standard RFC 


Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Feb 2006 Jul 2007   <draft-ietf-radext-filter-rules-03.txt>
                RADIUS Attributes for Filtering and Redirection 

Jan 2007 Jul 2007   <draft-ietf-radext-rfc4590bis-02.txt>
                RADIUS Extension for Digest Authentication 

Jan 2007 Sep 2007   <draft-ietf-radext-fixes-08.txt>
                Common Remote Authentication Dial In User Service (RADIUS) 
                Implementation Issues and Suggested Fixes 

Jan 2007 Oct 2007   <draft-ietf-radext-rfc3576bis-13.txt>
                Dynamic Authorization Extensions to Remote Authentication Dial 
                In User Service (RADIUS) 

Aug 2007 Aug 2007   <draft-ietf-radext-management-authorization-00.txt>
                Remote Authentication Dial-In User Service (RADIUS) 
                Authorization for Network Access Server (NAS) Management 

Sep 2007 Sep 2007   <draft-ietf-radext-design-00.txt>
                RADIUS Design Guidelines 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC4282 Standard  Dec 2005    The Network Access Identifier 

RFC4372 Standard  Jan 2006    Chargeable User Identity 

RFC4590 PS   Jul 2006    RADIUS Extension for Digest Authentication 

RFC4670 I    Aug 2006    RADIUS Accounting Client MIB for IPv6 

RFC4671 I    Aug 2006    RADIUS Accounting Server MIB for IPv6 

RFC4669 PS   Aug 2006    RADIUS Authentication Server MIB for IPv6 

RFC4668 PS   Aug 2006    RADIUS Authentication Client MIB for IPv6 

RFC4675 PS   Sep 2006    RADIUS Attributes for Virtual LAN and Priority Support 

RFC4673 I    Sep 2006    RADIUS Dynamic Authorization Server MIB 

RFC4672 I    Sep 2006    RADIUS Dynamic Authorization Client MIB 

RFC4818 PS   Apr 2007    RADIUS Delegated-IPv6-Prefix Attribute 

RFC4849 PS   Apr 2007    RADIUS Filter Rule Attribute