From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc3520.txt | 1683 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1683 insertions(+) create mode 100644 doc/rfc/rfc3520.txt (limited to 'doc/rfc/rfc3520.txt') diff --git a/doc/rfc/rfc3520.txt b/doc/rfc/rfc3520.txt new file mode 100644 index 0000000..3056c35 --- /dev/null +++ b/doc/rfc/rfc3520.txt @@ -0,0 +1,1683 @@ + + + + + + +Network Working Group L-N. Hamer +Request for Comments: 3520 B. Gage +Category: Standards Track Nortel Networks + B. Kosinski + Invidi Technologies + H. Shieh + AT&T Wireless + April 2003 + + + Session Authorization Policy Element + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2003). All Rights Reserved. + +Abstract + + This document describes the representation of a session authorization + policy element for supporting policy-based per-session authorization + and admission control. The goal of session authorization is to allow + the exchange of information between network elements in order to + authorize the use of resources for a service and to co-ordinate + actions between the signaling and transport planes. This document + describes how a process on a system authorizes the reservation of + resources by a host and then provides that host with a session + authorization policy element which can be inserted into a resource + reservation protocol (e.g., the Resource ReSerVation Protocol (RSVP) + PATH message) to facilitate proper and secure reservation of those + resources within the network. We describe the encoding of session + authorization information as a policy element conforming to the + format of a Policy Data object (RFC 2750) and provide details + relating to operations, processing rules and error scenarios. + + + + + + + + + + +Hamer, et al. Standards Track [Page 1] + +RFC 3520 Session Authorization Policy Element April 2003 + + +Table of Contents + + 1. Conventions used in this document..............................3 + 2. Introduction...................................................3 + 3. Policy Element for Session Authorization.......................4 + 3.1 Policy Data Object Format..................................4 + 3.2 Session Authorization Policy Element.......................4 + 3.3 Session Authorization Attributes...........................4 + 3.3.1 Authorizing Entity Identifier..........................6 + 3.3.2 Session Identifier.....................................7 + 3.3.3 Source Address.........................................7 + 3.3.4 Destination Address....................................9 + 3.3.5 Start time............................................10 + 3.3.6 End time..............................................11 + 3.3.7 Resources Authorized..................................11 + 3.3.8 Authentication data...................................12 + 4. Integrity of the AUTH_SESSION policy element..................13 + 4.1 Shared symmetric keys.....................................13 + 4.1.1 Operational Setting using shared symmetric keys.......13 + 4.2 Kerberos..................................................14 + 4.2.1. Operational Setting using Kerberos...................15 + 4.3 Public Key................................................16 + 4.3.1. Operational Setting for public key based + authentication.......................................16 + 4.3.1.1 X.509 V3 digital certificates.....................17 + 4.3.1.2 PGP digital certificates..........................17 + 5. Framework.....................................................18 + 5.1 The coupled model.........................................18 + 5.2 The associated model with one policy server...............18 + 5.3 The associated model with two policy servers..............19 + 5.4 The non-associated model..................................19 + 6. Message Processing Rules......................................20 + 6.1 Generation of the AUTH_SESSION by the authorizing entity..20 + 6.2 Message Generation (RSVP Host)............................20 + 6.3 Message Reception (RSVP-aware Router).....................20 + 6.4 Authorization (Router/PDP)................................21 + 7. Error Signaling...............................................22 + 8. IANA Considerations...........................................22 + 9. Security Considerations.......................................24 + 10. Acknowledgments..............................................24 + 11. Normative References.........................................25 + 12. Informative References.......................................27 + 13. Intellectual Property Statement..............................27 + 14. Contributors.................................................28 + 15. Authors' Addresses...........................................29 + 16. Full Copyright Statement.....................................30 + + + + + +Hamer, et al. Standards Track [Page 2] + +RFC 3520 Session Authorization Policy Element April 2003 + + +1. Conventions used in this document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in BCP 14, RFC 2119 + [RFC-2119]. + +2. Introduction + + RSVP [RFC-2205] is one example of a resource reservation protocol + that is used by a host to request specific services from the network + for particular application data streams or flows. RSVP requests will + generally result in resources being reserved in each router along the + data path. RSVP allows users to obtain preferential access to + network resources, under the control of an admission control + mechanism. Such admission control is often based on user or + application identity [RFC-3182], however, it is also valuable to + provide the ability for per-session admission control. + + In order to allow for per-session admission control, it is necessary + to provide a mechanism for ensuring use of resources by a host has + been properly authorized before allowing the reservation of those + resources. In order to meet this requirement, there must be + information in the resource reservation message which may be used to + verify the validity of the reservation request. This can be done by + providing the host with a session authorization policy element which + is inserted into the resource reservation message and verified by the + network. + + This document describes the session authorization policy element + (AUTH_SESSION) used to convey information about the resources + authorized for use by a session. The host must obtain an + AUTH_SESSION element from an authorizing entity via a session + signaling protocol such as SIP [RFC-3261]. The host then inserts the + AUTH_SESSION element into the resource reservation message to allow + verification of the network resource request; in the case of RSVP, + this element MUST be encapsulated in the Policy Data object [RFC- + 2750] of an RSVP PATH message. Network elements verify the request + and then process the resource reservation message based on admission + policy. + + [RFC-3521] describes a framework in which a session authorization + policy element may be utilized to contain information relevant to the + network's decision to grant a reservation request. + + + + + + + +Hamer, et al. Standards Track [Page 3] + +RFC 3520 Session Authorization Policy Element April 2003 + + +3. Policy Element for Session Authorization + +3.1 Policy Data Object Format + + The Session Authorization policy element conforms to the format of a + POLICY_DATA object which contains policy information and is carried + by policy based admission protocols such as RSVP. A detailed + description of the POLICY_DATA object can be found in "RSVP + Extensions for Policy Control" [RFC-2750]. + +3.2 Session Authorization Policy Element + + In this section we describe a policy element (PE) called session + authorization (AUTH_SESSION). The AUTH_SESSION policy element + contains a list of fields which describe the session, along with + other attributes. + + +-------------+-------------+-------------+-------------+ + | Length | P-Type = AUTH_SESSION | + +-------------+-------------+-------------+-------------+ + // Session Authorization Attribute List // + +-------------------------------------------------------+ + + Length: 16 bits + The length of the policy element (including the Length and P-Type) + is in number of octets (MUST be in multiples of 4) and indicates + the end of the session authorization information block. + + P-Type: 16 bits (Session Authorization Type) + AUTH_SESSION = 0x04 + The Policy element type (P-type) of this element. The Internet + Assigned Numbers Authority (IANA) acts as a registry for policy + element types as described in [RFC-2750]. + + Session Authorization Attribute List: variable length + The session authorization attribute list is a collection of + objects which describes the session and provides other information + necessary to verify the resource reservation request. An initial + set of valid objects is described in Section 3.3. + +3.3 Session Authorization Attributes + + A session authorization attribute may contain a variety of + information and has both an attribute type and subtype. The + attribute itself MUST be a multiple of 4 octets in length, and any + attributes that are not a multiple of 4 octets long MUST be padded to + a 4-octet boundary. All padding bytes MUST have a value of zero. + + + + +Hamer, et al. Standards Track [Page 4] + +RFC 3520 Session Authorization Policy Element April 2003 + + + +--------+--------+--------+--------+ + | Length | X-Type |SubType | + +--------+--------+--------+--------+ + | Value ... + +--------+--------+--------+--------+ + + Length: 16 bits + The length field is two octets and indicates the actual length of + the attribute (including Length, X-Type and SubType fields) in + number of octets. The length does NOT include any bytes padding + to the value field to make the attribute a multiple of 4 octets + long. + + X-Type: 8 bits + Session authorization attribute type (X-Type) field is one octet. + IANA acts as a registry for X-Types as described in section 7, + IANA Considerations. Initially, the registry contains the + following X-Types: + + 1 AUTH_ENT_ID The unique identifier of the entity which + authorized the session. + + 2 SESSION_ID Unique identifier for this session. + + 3 SOURCE_ADDR Address specification for the session + originator. + + 4 DEST_ADDR Address specification for the session + end-point. + + 5 START_TIME The starting time for the session. + + 6 END_TIME The end time for the session. + + 7 RESOURCES The resources which the user is authorized + to request. + + 8 AUTHENTICATION_DATA Authentication data of the session + authorization policy element. + + SubType: 8 bits + Session authorization attribute sub-type is one octet in length. + The value of the SubType depends on the X-Type. + + Value: variable length + The attribute specific information. + + + + + +Hamer, et al. Standards Track [Page 5] + +RFC 3520 Session Authorization Policy Element April 2003 + + +3.3.1 Authorizing Entity Identifier + + AUTH_ENT_ID is used to identify the entity which authorized the + initial service request and generated the session authorization + policy element. The AUTH_ENT_ID may be represented in various + formats, and the SubType is used to define the format for the ID. The + format for AUTH_ENT_ID is as follows: + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + AUTH_ENT_ID + + SubType + The following sub-types for AUTH_ENT_ID are defined. IANA acts as + a registry for AUTH_ENT_ID sub-types as described in section 7, + IANA Considerations. Initially, the registry contains the + following sub-types of AUTH_ENT_ID: + + 1 IPV4_ADDRESS IPv4 address represented in 32 bits + + 2 IPV6_ADDRESS IPv6 address represented in 128 bits + + 3 FQDN Fully Qualified Domain Name as defined in + RFC 1034 as an ASCII string. + + 4 ASCII_DN X.500 Distinguished name as defined in RFC + 2253 as an ASCII string. + + 5 UNICODE_DN X.500 Distinguished name as defined in RFC + 2253 as a UTF-8 string. + + 6 URI Universal Resource Identifier, as defined + in RFC 2396. + + 7 KRB_PRINCIPAL Fully Qualified Kerberos Principal name + represented by the ASCII string of a + principal followed by the @ realm name as + defined in RFC 1510 (e.g., + principalX@realmY). + + + + +Hamer, et al. Standards Track [Page 6] + +RFC 3520 Session Authorization Policy Element April 2003 + + + 8 X509_V3_CERT The Distinguished Name of the subject of + the certificate as defined in RFC 2253 as a + UTF-8 string. + + 9 PGP_CERT The PGP digital certificate of the + authorizing entity as defined in RFC 2440. + + OctetString + Contains the authorizing entity identifier. + +3.3.2 Session Identifier + + SESSION_ID is a unique identifier used by the authorizing entity to + identify the request. It may be used for a number of purposes, + including replay detection, or to correlate this request to a policy + decision entry made by the authorizing entity. For example, the + SESSION_ID can be based on simple sequence numbers or on a standard + NTP timestamp. + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + SESSION_ID + + SubType + No subtypes for SESSION_ID are currently defined; this field MUST + be set to zero. The authorizing entity is the only network entity + that needs to interpret the contents of the SESSION_ID therefore + the contents and format are implementation dependent. + + OctetString + Contains the session identifier. + +3.3.3 Source Address + + SOURCE_ADDR is used to identify the source address specification of + the authorized session. This X-Type may be useful in some scenarios + to make sure the resource request has been authorized for that + particular source address and/or port. + + + + + +Hamer, et al. Standards Track [Page 7] + +RFC 3520 Session Authorization Policy Element April 2003 + + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + SOURCE_ADDR + + SubType + The following sub types for SOURCE_ADDR are defined. IANA acts as + a registry for SOURCE_ADDR sub-types as described in section 7, + IANA Considerations. Initially, the registry contains the + following sub types for SOURCE_ADDR: + + 1 IPV4_ADDRESS IPv4 address represented in 32 bits + + 2 IPV6_ADDRESS IPv6 address represented in 128 bits + + 3 UDP_PORT_LIST list of UDP port specifications, + represented as 16 bits per list entry. + + 4 TCP_PORT_LIST list of TCP port specifications, + represented as 16 bits per list entry. + + OctetString + The OctetString contains the source address information. + + In scenarios where a source address is required (see Section 5), at + least one of the subtypes 1 through 2 (inclusive) MUST be included in + every Session Authorization Data Policy Element. Multiple + SOURCE_ADDR attributes MAY be included if multiple addresses have + been authorized. The source address field of the resource + reservation datagram (e.g., RSVP PATH) MUST match one of the + SOURCE_ADDR attributes contained in this Session Authorization Data + Policy Element. + + At most, one instance of subtype 3 MAY be included in every Session + Authorization Data Policy Element. At most, one instance of subtype + 4 MAY be included in every Session Authorization Data Policy Element. + Inclusion of a subtype 3 attribute does not prevent inclusion of a + subtype 4 attribute (i.e., both UDP and TCP ports may be authorized). + + If no PORT attributes are specified, then all ports are considered + valid; otherwise, only the specified ports are authorized for use. + + + +Hamer, et al. Standards Track [Page 8] + +RFC 3520 Session Authorization Policy Element April 2003 + + + Every source address and port list must be included in a separate + SOURCE_ADDR attribute. + +3.3.4 Destination Address + + DEST_ADDR is used to identify the destination address of the + authorized session. This X-Type may be useful in some scenarios to + make sure the resource request has been authorized for that + particular destination address and/or port. + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + DEST_ADDR + + SubType + The following sub types for DEST_ADDR are defined. IANA acts as a + registry for DEST_ADDR sub-types as described in section 7, IANA + Considerations. Initially, the registry contains the following + sub types for DEST_ADDR: + + 1 IPV4_ADDRESS IPv4 address represented in 32 bits + + 2 IPV6_ADDRESS IPv6 address represented in 128 bits + + 3 UDP_PORT_LIST list of UDP port specifications, + represented as 16 bits per list entry. + + 4 TCP_PORT_LIST list of TCP port specifications, + represented as 16 bits per list entry. + + OctetString + The OctetString contains the destination address specification. + + In scenarios where a destination address is required (see Section 5), + at least one of the subtypes 1 through 2 (inclusive) MUST be included + in every Session Authorization Data Policy Element. Multiple + DEST_ADDR attributes MAY be included if multiple addresses have been + authorized. The destination address field of the resource + + + + + +Hamer, et al. Standards Track [Page 9] + +RFC 3520 Session Authorization Policy Element April 2003 + + + reservation datagram (e.g., RSVP PATH) MUST match one of the + DEST_ADDR attributes contained in this Session Authorization Data + Policy Element. + + At most, one instance of subtype 3 MAY be included in every Session + Authorization Data Policy Element. At most, one instance of subtype + 4 MAY be included in every Session Authorization Data Policy Element. + Inclusion of a subtype 3 attribute does not prevent inclusion of a + subtype 4 attribute (i.e., both UDP and TCP ports may be authorized). + + If no PORT attributes are specified, then all ports are considered + valid; otherwise, only the specified ports are authorized for use. + + Every destination address and port list must be included in a + separate DEST_ADDR attribute. + +3.3.5 Start time + + START_TIME is used to identify the start time of the authorized + session and can be used to prevent replay attacks. If the + AUTH_SESSION policy element is presented in a resource request, the + network SHOULD reject the request if it is not received within a few + seconds of the start time specified. + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + START_TIME + + SubType + The following sub types for START_TIME are defined. IANA acts as + a registry for START_TIME sub-types as described in section 7, + IANA Considerations. Initially, the registry contains the + following sub types for START_TIME: + + 1 NTP_TIMESTAMP NTP Timestamp Format as defined in + RFC 1305. + + OctetString + The OctetString contains the start time. + + + + +Hamer, et al. Standards Track [Page 10] + +RFC 3520 Session Authorization Policy Element April 2003 + + +3.3.6 End time + + END_TIME is used to identify the end time of the authorized session + and can be used to limit the amount of time that resources are + authorized for use (e.g., in prepaid session scenarios). + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + END_TIME + + SubType + The following sub types for END_TIME are defined. IANA acts as a + registry for END_TIME sub-types as described in section 7, IANA + Considerations. Initially, the registry contains the following + sub types for END_TIME: + + 1 NTP_TIMESTAMP NTP Timestamp Format as defined in + RFC 1305. + + OctetString + The OctetString contains the end time. + +3.3.7 Resources Authorized + + RESOURCES is used to define the characteristics of the authorized + session. This X-Type may be useful in some scenarios to specify the + specific resources authorized to ensure the request fits the + authorized specifications. + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + RESOURCES + + + +Hamer, et al. Standards Track [Page 11] + +RFC 3520 Session Authorization Policy Element April 2003 + + + SubType + The following sub-types for RESOURCES are defined. IANA acts as a + registry for RESOURCES sub-types as described in section 7, IANA + Considerations. Initially, the registry contains the following + sub types for RESOURCES: + + 1 BANDWIDTH Maximum bandwidth (kbps) authorized. + + 2 FLOW_SPEC Flow spec specification as defined in RFC 2205. + + 3 SDP SDP Media Descriptor as defined in RFC 2327. + + 4 DSCP Differentiated services codepoint as defined in + RFC 2474. + + OctetString + The OctetString contains the resources specification. + + In scenarios where a resource specification is required (see Section + 5), at least one of the subtypes 1 through 4 (inclusive) MUST be + included in every Session Authorization Data Policy Element. + Multiple RESOURCE attributes MAY be included if multiple types of + resources have been authorized (e.g., DSCP and BANDWIDTH). + +3.3.8 Authentication data + + The AUTHENTICATION_DATA attribute contains the authentication data of + the AUTH_SESSION policy element and signs all the data in the policy + element up to the AUTHENTICATION_DATA. If the AUTHENTICATION_DATA + attribute has been included in the AUTH_SESSION policy element, it + MUST be the last attribute in the list. The algorithm used to + compute the authentication data depends on the AUTH_ENT_ID SubType + field. See Section 4 entitled Integrity of the AUTH_SESSION policy + element. + + A summary of AUTHENTICATION_DATA attribute format is described below. + + +-------+-------+-------+-------+ + | Length |X-Type |SubType| + +-------+-------+-------+-------+ + | OctetString ... + +-------+-------+-------+-------+ + + Length + Length of the attribute, which MUST be > 4. + + X-Type + AUTHENTICATION_DATA + + + +Hamer, et al. Standards Track [Page 12] + +RFC 3520 Session Authorization Policy Element April 2003 + + + SubType + No sub types for AUTHENTICATION_DATA are currently defined. This + field MUST be set to 0. + + OctetString + The OctetString contains the authentication data of the + AUTH_SESSION. + +4. Integrity of the AUTH_SESSION policy element + + This section describes how to ensure the integrity of the policy + element is preserved. + +4.1 Shared symmetric keys + + In shared symmetric key environments, the AUTH_ENT_ID MUST be of + subtypes: IPV4_ADDRESS, IPV6_ADDRESS, FQDN, ASCII_DN, UNICODE_DN or + URI. An example AUTH_SESSION policy element is shown below. + + +--------------+--------------+--------------+--------------+ + | Length | P-type = AUTH_SESSION | + +--------------+--------------+--------------+--------------+ + | Length |SESSION_ID | zero | + +--------------+--------------+--------------+--------------+ + | OctetString (The session identifier) ... + +--------------+--------------+--------------+--------------+ + | Length | AUTH_ENT_ID | IPV4_ADDRESS | + +--------------+--------------+--------------+--------------+ + | OctetString (The authorizing entity's Identifier) ... + +--------------+--------------+--------------+--------------+ + | Length |AUTH DATA. | zero | + +--------------+--------------+--------------+--------------+ + | KEY_ID | + +--------------+--------------+--------------+--------------+ + | OctetString (Authentication data) ... + +--------------+--------------+--------------+--------------+ + +4.1.1 Operational Setting using shared symmetric keys + + This assumes both the Authorizing Entity and the Network router/PDP + are provisioned with shared symmetric keys and with policies + detailing which algorithm to be used for computing the authentication + data along with the expected length of the authentication data for + that particular algorithm. + + Key maintenance is outside the scope of this document, but + AUTH_SESSION implementations MUST at least provide the ability to + manually configure keys and their parameters locally. The key used + + + +Hamer, et al. Standards Track [Page 13] + +RFC 3520 Session Authorization Policy Element April 2003 + + + to produce the authentication data is identified by the AUTH_ENT_ID + field. Since multiple keys may be configured for a particular + AUTH_ENT_ID value, the first 32 bits of the AUTH_DATA field MUST be a + key ID to be used to identify the appropriate key. Each key must + also be configured with lifetime parameters for the time period + within which it is valid as well as an associated cryptographic + algorithm parameter specifying the algorithm to be used with the key. + At a minimum, all AUTH_SESSION implementations MUST support the + HMAC-MD5-128 [RFC-2104], [RFC-1321] cryptographic algorithm for + computing the authentication data. New algorithms may be added by + the IETF standards process. + + It is good practice to regularly change keys. Keys MUST be + configurable such that their lifetimes overlap allowing smooth + transitions between keys. At the midpoint of the lifetime overlap + between two keys, senders should transition from using the current + key to the next/longer-lived key. Meanwhile, receivers simply accept + any identified key received within its configured lifetime and reject + those that are not. + +4.2 Kerberos + + In a Kerberos environment, the AUTH_ENT_ID MUST be of the subtype + KRB_PRINCIPAL. The KRB_PRINCIPAL field is defined as the Fully + Qualified Kerberos Principal name of the authorizing entity. + Kerberos [RFC-1510] authentication uses a trusted third party (the + Kerberos Distribution Center - KDC) to provide for authentication of + the AUTH_SESSION to a network server. It is assumed that a KDC is + present and both host and verifier of authentication information + (authorizing entity and router/PDP) implement Kerberos + authentication. + + An example of the Kerberos AUTH_DATA policy element is shown below. + + +--------------+--------------+--------------+--------------+ + | Length | P-type = AUTH_SESSION | + +--------------+--------------+--------------+--------------+ + | Length |SESSION_ID | zero | + +--------------+--------------+--------------+--------------+ + | OctetString (The session identifier) ... + +--------------+--------------+--------------+--------------+ + | Length | AUTH_ENT_ID | KERB_P. | + +--------------+--------------+--------------+--------------+ + | OctetString (The principal@realm name) ... + +--------------+--------------+--------------+--------------+ + + + + + + +Hamer, et al. Standards Track [Page 14] + +RFC 3520 Session Authorization Policy Element April 2003 + + +4.2.1. Operational Setting using Kerberos + + An authorizing entity is configured to construct the AUTH_SESSION + policy element that designates use of the Kerberos authentication + method (KRB_PRINCIPAL) as defined in RFC 1510. Upon reception of the + resource reservation request, the router/PDP contacts the local KDC, + with a KRB_AS_REQ message, to request credentials for the authorizing + entity (principal@realm). In this request, the client (router/PDP) + sends (in cleartext) its own identity and the identity of the server + (the authorizing entity taken from the AUTH_ENT_ID field) for which + it is requesting credentials. The local KDC responds with these + credentials in a KRB_AS_REP message, encrypted in the client's key. + The credentials consist of 1) a "ticket" for the server and 2) a + temporary encryption key (often called a "session key"). The + router/PDP uses the ticket to access the authorizing entity with a + KRB_AP_REQ message. The session key (now shared by the router/PDP + and the authorizing entity) is used to authenticate the router/PDP, + and is used to authenticate the authorizing entity. The session key + is an encryption key and is also used to encrypt further + communication between the two parties. The authorizing entity + responds by sending a concatenated message of a KRB_AP_REP and a + KRB_SAFE. The KRB_AP_REP is used to authenticate the authorizing + entity. The KRB_SAFE message contains the authentication data in the + safe-body field. The authentication data must be either a 16 byte + MD5 hash or 20 byte SHA-1 hash of all data in the AUTH_SESSION policy + element up to the AUTHENTICATION_DATA (note that when using Kerberos + the AUTH_SESSION PE should not include AUTHENTICATION_DATA as this is + sent in the KRB_SAFE message). The router/PDP independently computes + the hash, and compares it with the received hash in the user-data + field of the KRB-SAFE-BODY [RFC-1510]. + + At a minimum, all AUTH_SESSION implementations using Kerberos MUST + support the Kerberos des-cbc-md5 encryption type [RFC-1510] (for + encrypted data in tickets and Kerberos messages) and the Kerberos + rsa-md5-des checksum type [RFC-1510] (for the KRB_SAFE checksum) + checksum. New algorithms may be added by the IETF standards process. + Triple-DES encryption is supported in many Kerberos implementations + (although not specified in [RFC-1510]), and SHOULD be used over + single DES. + + For cases where the authorizing entity is in a different realm (i.e., + administrative domain, organizational boundary), the router/PDP needs + to fetch a cross-realm Ticket Granting Ticket (TGT) from its local + KDC. This TGT can be used to fetch authorizing entity tickets from + the KDC in the remote realm. Note that for performance + considerations, tickets are typically cached for extended periods. + + + + + +Hamer, et al. Standards Track [Page 15] + +RFC 3520 Session Authorization Policy Element April 2003 + + +4.3 Public Key + + In a public key environment, the AUTH_ENT_ID MUST be of the subtypes: + X509_V3_CERT or PGP_CERT. The authentication data is used for + authenticating the authorizing entity. An example of the public key + AUTH_SESSION policy element is shown below. + + +--------------+--------------+--------------+--------------+ + | Length | P-type = AUTH_SESSION | + +--------------+--------------+--------------+--------------+ + | Length |SESSION_ID | zero | + +--------------+--------------+--------------+--------------+ + | OctetString (The session identifier) ... + +--------------+--------------+--------------+--------------+ + | Length | AUTH_ENT_ID | PGP_CERT | + +--------------+--------------+--------------+--------------+ + | OctetString (Authorizing entity Digital Certificate) ... + +--------------+--------------+--------------+--------------+ + | Length |AUTH DATA. | zero | + +--------------+--------------+--------------+--------------+ + | OctetString (Authentication data) ... + +--------------+--------------+--------------+--------------+ + +4.3.1. Operational Setting for public key based authentication + + Public key based authentication assumes the following: + + - Authorizing entities have a pair of keys (private key and + public key). + + - Private key is secured with the authorizing entity. + + - Public keys are stored in digital certificates and a trusted + party, certificate authority (CA) issues these digital + certificates. + + - The verifier (PDP or router) has the ability to verify the + digital certificate. + + Authorizing entity uses its private key to generate + AUTHENTICATION_DATA. Authenticators (router, PDP) use the + authorizing entity's public key (stored in the digital certificate) + to verify and authenticate the policy element. + + + + + + + + +Hamer, et al. Standards Track [Page 16] + +RFC 3520 Session Authorization Policy Element April 2003 + + +4.3.1.1 X.509 V3 digital certificates + + When the AUTH_ENT_ID is of type X509_V3_CERT, AUTHENTICATION_DATA + MUST be generated following these steps: + + - A Signed-data is constructed as defined in section 5 of CMS + [RFC-3369]. A digest is computed on the content (as specified in + section 6.1) with a signer-specific message-digest algorithm. The + certificates field contains the chain of authorizing entity's + X.509 V3 digital certificates. The certificate revocation list is + defined in the crls field. The digest output is digitally signed + following section 8 of RFC 3447, using the signer's private key. + + When the AUTH_ENT_ID is of type X509_V3_CERT, verification MUST be + done following these steps: + + - Parse the X.509 V3 certificate to extract the distinguished name + of the issuer of the certificate. + - Certification Path Validation is performed as defined in section 6 + of RFC 3280. + - Parse through the Certificate Revocation list to verify that the + received certificate is not listed. + - Once the X.509 V3 certificate is validated, the public key of the + authorizing entity can be extracted from the certificate. + - Extract the digest algorithm and the length of the digested data + by parsing the CMS signed-data. + - The recipient independently computes the message digest. This + message digest and the signer's public key are used to verify the + signature value. + + This verification ensures integrity, non-repudiation and data origin. + +4.3.1.2 PGP digital certificates + + When the AUTH_ENT_ID is of type PGP_CERT, AUTHENTICATION_DATA MUST be + generated following these steps: + + - AUTHENTICATION_DATA contains a Signature Packet as defined in + section 5.2.3 of RFC 2440. In summary: + + - Compute the hash of all data in the AUTH_SESSION policy element + up to the AUTHENTICATION_DATA. + - The hash output is digitally signed following section 8 of + RFC 3447, using the signer's private key. + + + + + + + +Hamer, et al. Standards Track [Page 17] + +RFC 3520 Session Authorization Policy Element April 2003 + + + When the AUTH_ENT_ID is of type PGP_CERT, verification MUST be done + following these steps: + + - Validate the certificate. + - Once the PGP certificate is validated, the public key of the + authorizing entity can be extracted from the certificate. + - Extract the hash algorithm and the length of the hashed data by + parsing the PGP signature packet. + - The recipient independently computes the message digest. This + message digest and the signer's public key are used to verify the + signature value. + + This verification ensures integrity, non-repudiation and data origin. + +5. Framework + + [RFC-3521] describes a framework in which the AUTH_SESSION policy + element may be utilized to transport information required for + authorizing resource reservation for media flows. [RFC-3521] + introduces 4 different models: + + 1- the coupled model + 2- the associated model with one policy server + 3- the associated model with two policy servers + 4- the non-associated model. + + The fields that are required in an AUTH SESSION policy element + dependent on which of the models is used. + +5.1 The coupled model + + In the Coupled Model, the only information that MUST be included in + the policy element is the SESSION_ID; it is used by the Authorizing + Entity to correlate the resource reservation request with the media + authorized during session set up. Since the End Host is assumed to + be untrusted, the Policy Server SHOULD take measures to ensure that + the integrity of the SESSION_ID is preserved in transit; the exact + mechanisms to be used and the format of the SESSION_ID are + implementation dependent. + +5.2 The associated model with one policy server + + In this model, the contents of the AUTH_SESSION policy element MUST + include: + + - A session identifier - SESSION_ID. This is information that the + authorizing entity can use to correlate the resource reservation + request with the media authorized during session set up. + + + +Hamer, et al. Standards Track [Page 18] + +RFC 3520 Session Authorization Policy Element April 2003 + + + - The identity of the authorizing entity - AUTH_ENT_ID. This + information is used by the Edge Router to determine which + authorizing entity (Policy Server) should be used to solicit + resource policy decisions. + + In some environments, an Edge Router may have no means for + determining if the identity refers to a legitimate Policy Server + within its domain. In order to protect against redirection of + authorization requests to a bogus authorizing entity, the + AUTH_SESSION MUST also include: + + - AUTHENTICATION_DATA. This authentication data is calculated over + all other fields of the AUTH_SESSION policy element. + +5.3 The associated model with two policy servers + + The content of the AUTH_SESSION Policy Element is identical to the + associated model with one policy server. + +5.4 The non-associated model + + In this model, the AUTH_SESSION MUST contain sufficient information + to allow the Policy Server to make resource policy decisions + autonomously from the authorizing entity. The policy element is + created using information about the session by the authorizing + entity. The information in the AUTH_SESSION policy element MUST + include: + + - Calling party IP address or Identity (e.g., FQDN) - SOURCE_ADDR + X-TYPE + - Called party IP address or Identity (e.g., FQDN) - DEST_ADDR + X-TYPE + - The characteristics of (each of) the media stream(s) authorized + for this session - RESOURCES X-TYPE + - The authorization lifetime - START_TIME X-TYPE + - The identity of the authorizing entity to allow for validation of + the token in shared symmetric key and Kerberos schemes - + AUTH_ENT_ID X-TYPE + - The credentials of the authorizing entity in a public-key + scheme - AUTH_ENT_ID X-TYPE + - Authentication data used to prevent tampering with the + AUTH_SESSION policy element - AUTHENTICATION_DATA + + + + + + + + + +Hamer, et al. Standards Track [Page 19] + +RFC 3520 Session Authorization Policy Element April 2003 + + + Furthermore, the AUTH_SESSION policy element MAY contain: + + - The lifetime of (each of) the media stream(s) - END_TIME X-TYPE + - Calling party port number - SOURCE_ADDR X-TYPE + - Called party port number - DEST_ADDR X-TYPE + + All AUTH_SESSION fields MUST match with the resource request. If a + field does not match, the request SHOULD be denied. + +6. Message Processing Rules + +6.1 Generation of the AUTH_SESSION by the authorizing entity + + 1. Generate the AUTH_SESSION policy element with the appropriate + contents as specified in section 5. + + 2. If authentication is needed, the entire AUTH_SESSION policy + element is constructed, excluding the length, type and subtype + fields of the AUTH_SESSION field. Note that the message MUST + include either a START_TIME or a SESSION_ID (See Section 9), to + prevent replay attacks. The output of the authentication + algorithm, plus appropriate header information, is appended to the + AUTH_SESSION policy element. + +6.2 Message Generation (RSVP Host) + + An RSVP message is created as specified in [RFC-2205] with the + following modifications. + + 1. RSVP message MUST contain at most one AUTH_SESSION policy element. + + 2. The AUTH SESSION policy element received from the authorizing + entity (Section 3.2) MUST be copied without modification into the + POLICY DATA object. + + 3. POLICY_DATA object (containing the AUTH_SESSION policy element) is + inserted in the RSVP message in the appropriate place. + +6.3 Message Reception (RSVP-aware Router) + + RSVP message is processed as specified in [RFC-2205] with following + modifications. + + 1. If router is policy aware then it SHOULD send the RSVP message to + the PDP and wait for response. If the router is policy unaware + then it ignores the policy data objects and continues processing + the RSVP message. + + + + +Hamer, et al. Standards Track [Page 20] + +RFC 3520 Session Authorization Policy Element April 2003 + + + 2. Reject the message if the response from the PDP is negative. + + 3. Continue processing the RSVP message. + +6.4 Authorization (Router/PDP) + + 1. Retrieve the AUTH_SESSION policy element. Check the PE type field + and return an error if the identity type is not supported. + + 2. Verify the message integrity. + + - Shared symmetric key authentication: The Network router/PDP + uses the AUTH_ENT_ID field to consult a table keyed by that + field. The table should identify the cryptographic + authentication algorithm to be used along with the expected + length of the authentication data and the shared symmetric key + for the authorizing entity. Verify that the indicated length + of the authentication data is consistent with the configured + table entry and validate the authentication data. + + - Public Key: Validate the certificate chain against the trusted + Certificate Authority (CA) and validate the message signature + using the public key. + + - Kerberos Ticket: If the AUTH_ENT_ID is of subtype + KRB_PRINCIPAL, Request a ticket for the authorizing entity + (principal@realm) from the local KDC. Use the ticket to access + the authorizing entity and obtain authentication data for the + message. + + 3. Once the identity of the authorizing entity and the validity of + the service request has been established, the authorizing + router/PDP MUST then consult its local policy tables (the contents + of which are a local matter) in order to determine whether or not + the specific request is authorized. To the extent to which these + access control decisions require supplementary information, + routers/PDPs MUST ensure that supplementary information is + obtained securely. An example of insecure access control + decisions would be if the authorizing party relies upon an + insecure database (such as DNS or a public LDAP directory) and + authorizes with a certificate or an FQDN. + + 4. Verify the requested resources do not exceed the authorized QoS. + + + + + + + + +Hamer, et al. Standards Track [Page 21] + +RFC 3520 Session Authorization Policy Element April 2003 + + +7. Error Signaling + + If a PDP fails to verify the AUTH_SESSION policy element then it MUST + return a policy control failure (Error Code = 02) to the PEP. The + error values are described in [RFC-2205] and [RFC-2750]. Also the + PDP SHOULD supply a policy data object containing an AUTH_DATA Policy + Element with A-Type=POLICY_ERROR_CODE containing more details on the + Policy Control failure [RFC-3182]. If RSVP is being used, the PEP + MUST include this Policy Data object in the outgoing RSVP Error + message. + +8. IANA Considerations + + Following the policies outlined in [IANA-CONSIDERATIONS], Standard + RSVP Policy Elements (P-type values) are assigned by IETF Consensus + action as described in [RFC-2750]. + + P-Type AUTH_SESSION is assigned the value 0x04. + + Following the policies outlined in [IANA-CONSIDERATIONS], session + authorization attribute types (X-Type)in the range 0-127 are + allocated through an IETF Consensus action; X-Type values between + 128-255 are reserved for Private Use and are not assigned by IANA. + + X-Type AUTH_ENT_ID is assigned the value 1. + X-Type SESSION_ID is assigned the value 2. + X-Type SOURCE_ADDR is assigned the value 3. + X-Type DEST_ADDR is assigned the value 4. + X-Type START_TIME is assigned the value 5. + X-Type END_TIME is assigned the value 6. + X-Type RESOURCES is assigned the value 7. + X-Type AUTHENTICATION_DATA is assigned the value 8. + + Following the policies outlined in [IANA-CONSIDERATIONS], + AUTH_ENT_ID SubType values in the range 0-127 are allocated through + an IETF Consensus action; SubType values between 128-255 are + reserved for Private Use and are not assigned by IANA. + + AUTH_ENT_ID SubType IPV4_ADDRESS is assigned the value 1. + SubType IPV6_ADDRESS is assigned the value 2. + SubType FQDN is assigned the value 3. + SubType ASCII_DN is assigned the value 4. + SubType UNICODE_DN is assigned the value 5. + SubType URI is assigned the value 6. + SubType KRB_PRINCIPAL is assigned the value 7. + SubType X509_V3_CERT is assigned the value 8. + SubType PGP_CERT is assigned the value 9. + + + + +Hamer, et al. Standards Track [Page 22] + +RFC 3520 Session Authorization Policy Element April 2003 + + + Following the policies outlined in [IANA-CONSIDERATIONS], + SOURCE_ADDR SubType values in the range 0-127 are allocated through + an IETF Consensus action; SubType values between 128-255 are + reserved for Private Use and are not assigned by IANA. + + SOURCE_ADDR SubType IPV4_ADDRESS is assigned the value 1. + SubType IPV6_ADDRESS is assigned the value 2. + SubType UDP_PORT_LIST is assigned the value 3. + SubType TCP_PORT_LIST is assigned the value 4. + + Following the policies outlined in [IANA-CONSIDERATIONS], + DEST_ADDR SubType values in the range 0-127 are allocated through an + IETF Consensus action; SubType values between 128-255 are reserved + for Private Use and are not assigned by IANA. + + DEST_ADDR SubType IPV4_ADDRESS is assigned the value 1. + SubType IPV6_ADDRESS is assigned the value 2. + SubType UDP_PORT_LIST is assigned the value 3. + SubType TCP_PORT_LIST is assigned the value 4. + + Following the policies outlined in [IANA-CONSIDERATIONS], + START_TIME SubType values in the range 0-127 are allocated through an + IETF Consensus action; SubType values between 128-255 are + reserved for Private Use and are not assigned by IANA. + + START_TIME SubType NTP_TIMESTAMP is assigned the value 1. + + Following the policies outlined in [IANA-CONSIDERATIONS], + END_TIME SubType values in the range 0-127 are allocated through an + IETF Consensus action; SubType values between 128-255 are reserved + for Private Use and are not assigned by IANA. + + END_TIME SubType NTP_TIMESTAMP is assigned the value 1. + + Following the policies outlined in [IANA-CONSIDERATIONS], + RESOURCES SubType values in the range 0-127 are allocated through an + IETF Consensus action; SubType values between 128-255 are reserved + for Private Use and are not assigned by IANA. + + RESOURCES SubType BANDWIDTH is assigned the value 1. + SubType FLOW_SPEC is assigned the value 2. + SubType SDP is assigned the value 3. + SubType DSCP is assigned the value 4. + + + + + + + + +Hamer, et al. Standards Track [Page 23] + +RFC 3520 Session Authorization Policy Element April 2003 + + +9. Security Considerations + + The purpose of this document is to describe a mechanism for session + authorization to prevent theft of service. + + Replay attacks MUST be prevented. In the non-associated model, the + AUTH_SESSION policy element MUST include a START_TIME field and the + Policy Servers MUST support NTP to ensure proper clock + synchronization. Failure to ensure proper clock synchronization will + allow replay attacks since the clocks of the different network + entities may not be in-synch. The start time is used to verify that + the request is not being replayed at a later time. In all other + models, the SESSION_ID is used by the Policy Server to ensure that + the resource request successfully correlates with records of an + authorized session. If a AUTH_SESSION is replayed, it MUST be + detected by the policy server (using internal algorithms) and the + request MUST be rejected. + + To ensure that the integrity of the policy element is preserved in + untrusted environments, the AUTHENTICATION_DATA attribute MUST be + included. + + In environments where shared symmetric keys are possible, they should + be used in order to keep the AUTH_SESSION policy element size to a + strict minimum. This is especially true in wireless environments + where the AUTH_SESSION policy element is sent + over-the-air. The shared symmetric keys authentication option MUST + be supported by all AUTH_SESSION implementations. + + If shared symmetric keys are not a valid option, the Kerberos + authentication mechanism is reasonably well secured and efficient in + terms of AUTH_SESSION size. The AUTH_SESSION only needs to contain + the principal@realm name of the authorizing entity. This is much + more efficient than the PKI authentication option. + + PKI authentication option provides a high level of security and good + scalability, however it requires the presence of credentials in the + AUTH_SESSION policy element which impacts its size. + +10. Acknowledgments + + We would like to thank Francois Audet, Don Wade, Hamid Syed, Kwok Ho + Chan and many others for their valuable comments. Special thanks to + Eric Rescorla who provided numerous comments and suggestions that + improved this document. + + In addition, we would like to thank S. Yadav, et al., for their + efforts on RFC 3182, as this document borrows from their work. + + + +Hamer, et al. Standards Track [Page 24] + +RFC 3520 Session Authorization Policy Element April 2003 + + +11. Normative References + + [ASCII] Coded Character Set -- 7-Bit American Standard + Code for Information Interchange, ANSI X3.4- + 1986. + + [X.509-ITU] ITU-T (formerly CCITT) Information technology + Open Systems Interconnection - The Directory: + Authentication Framework Recommendation X.509 + ISO/IEC 9594-8 + + [RFC-1034] Mockapetris, P., "Domain names - concepts and + facilities", STD 13, RFC 1034, November 1987. + + [RFC-1305] Mills, D., "Network Time Protocol (Version 3) + Specification, Implementation, and Analysis", + RFC 1305, March 1992. + + [RFC-1321] Rivest, R., "The MD5 Message-Digest Algorithm", + RFC 1321, April 1992. + + [RFC-1510] Kohl, J. and C. Neuman, "The Kerberos Network + Authentication Service (V5)", RFC 1510, + September 1993. + + [RFC-2104] Krawczyk, H., Bellare, M. and R. Canetti, + "HMAC: Keyed-Hashing for Message + Authentication", RFC 2104, February 1997. + + [RFC-2119] Bradner, S., "Key words for use in RFCs to + Indicate Requirement Levels", BCP 14, RFC 2119, + March 1997. + + [RFC-2205] Braden, R., Ed., Zhang, L., Berson, S., Herzog, + S. and S. Jamin, "Resource ReSerVation Protocol + (RSVP) - Version 1 Functional Specification", + RFC 2205, September 1997. + + [RFC-2209] Braden, R. and L. Zhang, "Resource ReSerVation + Protocol (RSVP) - Version 1 Message Processing + Rules", RFC 2209, September 1997. + + [RFC-2253] Wahl, M., Kille, S. and T. Howes , "UTF-8 + String Representation of Distinguished Names", + RFC 2253, December 1997. + + [RFC-2279] Yergeau, F., "UTF-8, a transformation format of + ISO 10646", RFC 2279, January 1998. + + + +Hamer, et al. Standards Track [Page 25] + +RFC 3520 Session Authorization Policy Element April 2003 + + + [RFC-2327] Handley, M. and V. Jacobson, "SDP: Session + Description Protocol", RFC 2327, October 1998. + + [RFC-2396] Berners-Lee, T., Fielding, R., Masinter, L., + "Uniform Resource Identifiers (URI): Generic + Syntax", RFC 2396, August 1998. + + [RFC-2440] Callas, J., Donnerhacke, L., Finney, H. and R. + Thayer, "OpenPGP Message Format", RFC 2440, + November 1998. + + [RFC-2474] Nichols, K., Blake, S., Baker, F. and D. Black, + "Definition of the Differentiated Services + Field (DS Field) in the IPv4 and IPv6 Headers", + RFC 2474, December 1998. + + [RFC-2750] Herzog, S., "RSVP Extensions for Policy + Control", RFC 2750, January 2000. + + [RFC-2753] Yavatkar, R., Pendarakis, D. and R. Guerin, "A + Framework for Policy-based Admission Control + RSVP", RFC 2753, January 2000. + + [RFC-3182] Yadav, S., Yavatkar, R., Pabbati, R., Ford, P., + Moore, T., Herzog, S. and R. Hess, "Identity + Representation for RSVP", RFC 3182, October + 2001 + + [RFC-3280] Housley, R., Polk, W., Ford, W. and D. Solo, + "Internet X.509 Public Key Infrastructure + Certificate and Certificate Revocation List + (CRL) Profile", RFC 3280, April 2002. + + [RFC-3369] Housley, R., "Cryptographic Message Syntax", + RFC 3369, August 2002. + + [RFC-3447] Jonsson, J. and B. Kaliski, "Public-Key + Cryptography Standards (PKCS) #1: RSA + Cryptography Specifications Version 2.1", RFC + 3447, February 2003. + + [RFC-3521] Hamer, L.-N., Gage, B. and H. Shieh, "Framework + for Session Setup with Media Authorization", + RFC 3521, April 2003. + + + + + + + +Hamer, et al. Standards Track [Page 26] + +RFC 3520 Session Authorization Policy Element April 2003 + + +12. Informative References + + [IANA-CONSIDERATIONS] Alvestrand, H. and T. Narten, "Guidelines for + Writing an IANA Considerations Section in + RFCs", BCP 26, RFC 2434, October 1998. + + [RFC-3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., + Johnston, A., Peterson, J., Sparks, R., + Handley, M. and E. Schooler, "SIP: Session + Initiation Protocol", RFC 3261, June 2002. + +13. Intellectual Property Statement + + The IETF takes no position regarding the validity or scope of any + intellectual property or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; neither does it represent that it + has made any effort to identify any such rights. Information on the + IETF's procedures with respect to rights in standards-track and + standards-related documentation can be found in BCP-11. Copies of + claims of rights made available for publication and any assurances of + licenses to be made available, or the result of an attempt made to + obtain a general license or permission for the use of such + proprietary rights by implementors or users of this specification can + be obtained from the IETF Secretariat. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights which may cover technology that may be required to practice + this standard. Please address the information to the IETF Executive + Director. + + + + + + + + + + + + + + + + + + + +Hamer, et al. Standards Track [Page 27] + +RFC 3520 Session Authorization Policy Element April 2003 + + +14. Contributors + + Matt Broda + Nortel Networks + + EMail: mbroda@nortelnetworks.com + + + Louis LeVay + Nortel Networks + + EMail: levay@nortelnetworks.com + + + Dennis Beard + Nortel Networks + + EMail: beardd@nortelnetworks.com + + + Lawrence Dobranski + Nortel Networks + + EMail: ldobran@nortelnetworks.com + + + + + + + + + + + + + + + + + + + + + + + + + + + +Hamer, et al. Standards Track [Page 28] + +RFC 3520 Session Authorization Policy Element April 2003 + + +15. Authors' Addresses + + Louis-Nicolas Hamer + Nortel Networks + PO Box 3511 Station C + Ottawa, Ontario + Canada K1Y 4H7 + + Phone: +1 613.768.3409 + EMail: nhamer@nortelnetworks.com + + + Brett Kosinski + Invidi Technologies + Edmonton, Alberta + Canada T5J 3S4 + + EMail: brettk@invidi.com + + + Bill Gage + Nortel Networks + PO Box 3511 Station C + Ottawa, Ontario + Canada K1Y 4H7 + + Phone: +1 613.763.4400 + EMail: gageb@nortelnetworks.com + + + Hugh Shieh + AT&T Wireless + 7277 164th Avenue NE + Redmond, WA + USA 98073-9761 + + Phone: +1 425.580.6898 + EMail: hugh.shieh@attws.com + + + + + + + + + + + + + +Hamer, et al. Standards Track [Page 29] + +RFC 3520 Session Authorization Policy Element April 2003 + + +16. Full Copyright Statement + + Copyright (C) The Internet Society (2003). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Hamer, et al. Standards Track [Page 30] + -- cgit v1.2.3