Network Access Server Requirements (nasreq) ------------------------------------------- Charter Last Modified: 2002-03-14 Current Status: Active Working Group Chair(s): David Mitton Mark Beadles Operations and Management Area Director(s): Randy Bush Bert Wijnen Operations and Management Area Advisor: Randy Bush Editor(s): Bernard Aboba Mailing Lists: General Discussion:nasreq@ops.ietf.org To Subscribe: nasreq-request@ops.ietf.org In Body: (un)subscribe Archive: http://ops.ietf.org/lists/nasreq/ Description of Working Group: The purpose of this group is to gather and process the requirements of modern Network Access Servers (NAS) with respect to user-based service Authentication, Authorization, and usage Accounting. Services being considered go beyond simple dial-in access, and include Virtual Private Network support, smart authentication methods, and roaming concerns. The common thread is demand-based dynamic services requested within a user authentication model, viewing the NAS as a tool for implementing network policy and security. The RADIUS protocol was developed in response to the previous incar- nation of the Network Access Servers Requirements (NASREQ) BOFs. The protocol was a simple but flexible solution to many of the require- ments in terminal and network access servers at the time. The RADIUS Working Group is about to conclude its work on the basic protocol, but NAS development continues at a rapid pace, and implementations are trying to use more standards now than when RADIUS began. As we add more services to NAS boxes, the RADIUS protocol is often stretched and bent well beyond the original design goals, and often fails to deliver the desired reliability, functionality, or security. As NAS installations become larger and more complex, and as NAS services are virtualized in other servers, the services being authorized require more sophisticated mechanisms for coordinating policy and resource state across multiple systems and servers. The group will work closely with other Working Groups (including roamops, pppext, policy, et al.), to serve as input for the group's requirements and to identify candidate protocols which may meet those requirements. This group will document all of the current requirements for services which fully meet the needs of modern and next generation NAS systems. Goals and Work items: The first goal of the group will be to collect and organize functional requirements. The focus of the requirements will center on NAS user authorization. Functions provided adequately by other standardized protocols will be documented as such. Requirements will be generated by the members of the BOF/WG, with input from the RADIUS WG, the RoamOps WG, the AAA BOF/WG, and other groups as required. The output of this effort will be an informational requirements document. In parallel, another document will be a survey of the current practices that NAS vendors and deployers are engaging in to provide similar services, using extensions to RADIUS or pro- prietary protocols. The output will become an informational survey document. The group will review current draft work on RADIUS extension or successor protocols and determine their suitability to meeting the WG's requirements. The output of this effort will be an informational document detailing the evaluation and recommendations. The charter of the group will be reviewed at that time, and adjusted according to any new work items and directions. Goals and Milestones: Done Submit first draft of requirements as an Internet-Draft Done Submit first draft of practices as an Internet-Draft Done Submit practices document to IESG requesting publication as an RFC Done Submit requirements document to IESG requesting publication as an RFC Done Meet at DC IETF (Decide on recommendations for final document) Jan 00 Review/update WG charter Internet-Drafts: No Current Internet-Drafts. Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC2058 PS Jan 97 Remote Authentication Dial In User Service (RADIUS) RFC2882 I Aug 00 Network Access Servers Requirements: Extended RADIUS Practices RFC2881 I Aug 00 Network Access Server Requirements Next Generation (NASREQNG)NAS Model RFC3169 I Sep 01 Criteria for Evaluating Network Access Server Protocols