
Thread: Re: Issue: Section 1 Problem Statement




Re: Issue: Section 1 Problem Statement
2007-05-24 10:34:15

"1.  Introduction

   Today, network access clients are typically preconfigured
   with a list of access networks, and corresponding identities
   and credentials.  However, as network access mechanisms
   and operators have proliferated, it has become increasingly
   likely that users will encounter networks for which no
   preconfigured settings are available, yet which offer
   desired services and the ability to successfully authenticate
   with the user's home realm.  It is also possible that
   preconfigured settings will not be adequate in some situations.
   In such a situation, users can have difficulty in determining
   which network to connect to, and how to authenticate to that network.

   The problem arises when any of the following conditions are true:

   o  Within a single network, more than one network attachment point
      is available, and the attachment points differ in their roaming
      arrangements, or access to services.  While the link layer
      capabilities of a point of attachment may be advertised,
      higher layer capabilities such as roaming arrangements,
      end-to-end quality of service or Internet access
      restrictions may not be.  As a result, a user may have
      difficulty determining what services are
      available at each network attachment point, and which
      attachment points it can successfully authenticate to.
      For example, it is possible that a roaming agreement will
      only enable a user to authenticate to the home realm from
      some points of attachment, but not others.  Similarly, it
      is possible that access to the Internet may be restricted
      at some points of attachment, but not others or that
      end-to-end quality of service may not be available in all
      locations. In these situations, the network access client
      cannot assume that all points of attachment within a network
      offer identical capabilities.

   o  Multiple networks are available for which the user has no
      corresponding pre-configuration. The user may not
      have pre-configured an identity and associated credentials
      for use with a network, yet it is possible that the
      user's home realm is reachable from that network,
      enabling the user to successfully authenticate.
      However, unless the roaming arrangements are advertised,
      the network access client cannot determine a priori whether
      successful authentication is likely.  In this situation,
      it is possible that the user will need to try multiple
      networks in order to find one to which it can successfully
      authenticate, or it is possible that the user will not be
      able to obtain access at all, even though successful
      authentication is feasible.

   o  The user has multiple sets of credentials.  Where no
      preconfiguration exists, it is possible that the user will
      not be able to determine which credentials to use with which
      attachment point, or even whether any credentials it possesses
      will allow it to authenticate successfully.  An
      identity and associated credentials can be usable for authentication
      with multiple networks, and not all of these networks will be
      preconfigured.  For example, the user could have one set of
      credentials from a public service provider and another set
      from an employer, and a network might enable authentication
      with one or more of these credentials.  Yet, without
      preconfiguration, multiple unsuccessful authentication attempts
      could be needed for each attachment point in order to determine
      what credentials are usable, wasting valuable time and
      resulting in user frustration.  In order to choose between multiple
      attachment points, it can be helpful to provide additional
      information to enable the correct credentials to be determined.

   o  There are multiple potential roaming paths between the visited
      realm and the user's home realm, and service parameters or pricing
      differs between them.  In this situation, there could be multiple
      ways for the user to successfully authenticate using the same
      identity and credentials, yet the cost of each approach might
      differ. In this case, the access network may not be
      able to determine the roaming path that best matches the user's
      preferences.  This can lead to the user being charged more than
      necessary, or not obtaining the desired services.  For example,
      the visited access realm could have both a direct relationship
      with the home realm and an indirect relationship through a roaming
      consortium.  Current Authentication, Authorization and Accounting
      (AAA) protocols may not be able to route the access request to the
      home AAA server purely based on the realm within the Network Access
      Identifier (NAI) [RFC4282].  In addition, payload packets can be
      routed or tunneled differently, based on the roaming relationship
      path.  This may have an impact on the available services or their
      pricing.

   In Section 2 the network discovery and selection problem is defined
   and divided into subproblems.  Some solution constraints are outlined
   in Section 3.  Section 4 provides conclusions and suggestions for
   future work.  Appendix A discusses existing solutions to portions of
   the problem."


Subject: RE: [eap] Issue: Section 1 Problem Statement
Date: Thu, 24 May 2007 00:25:44 -0700
From: FB5431att.com
To: bernard_abobahotmail.com; eapfrascone.com

Hi Bernard,

 

Your revision of first para eliminates an important scenario for network selection from amongst networks with different capabilities even when they are from the same operator using same authentication method. So in this scenario multiple networks will be mapping to one “preconfigured operator name and access method” implying the preconfigured information is available but it is insufficient to do selection. I have tried to edit the first para as below.

“Today, network access clients are typically preconfigured with a list of access networks, and corresponding identities and credentials.  However, as new network access technologies emerge and authentication mechanisms and operators have proliferated, it has become increasingly likely that users will encounter networks for which preconfigured settings in the client are either not available or insufficient, yet which can deliver desired services and can successfully authenticate the user to his home AAA server. In such a situation, users can have difficulty in determining which network to connect to, and how to authenticate to that network.”

Based on these changes, a minor change is also proposed to the first sentence of the first bullet as follows.

“More than one network attachment point is available, and the attachment points differ in their roaming arrangements or access to services, or their capabilities such as QoS or belong to operators which the network access client is not preconfigured for.”


BR,

Farooq Bari
farooq.bariatt.com

+1 425 580 5526
 

From: Bernard Aboba [mailto:bernard_abobahotmail.com]
Sent: Wednesday, May 23, 2007 9:32 PM
To: eapfrascone.com
Subject: [eap] Issue: Section 1 Problem Statement

 

Issue: Section 1 Problem Statement
Submitter name: Bernard Aboba
Submitter email address: abobainternaut.com
Date Submitted: May 23, 2007
Reference:
Document: NETSEL-07
Comment type: Editorial
Priority: S
Section: 1
Rationale/Explanation of issue:
 
In reading over Section 1, it is not clear to me that the essence of the problem has been clearly stated. 
 
I believe that the central issue here is that a user can encounter networks for which there is no preconfiguration. 
 
Also, I think there is an assumption that the networks that a user can encounter may restrict access to the Internet in some way so that all Internet services may not be accessible.

I believe that these assumptions need to be more clearly spelled out.  Find enclosed below a rewrite of Section 1 that hopefully makes these assumptions more clear.

"1.  Introduction

   Today, network access clients are typically preconfigured
   with a list of access networks, and corresponding identities
   and credentials.  However, as network access mechanisms
   and operators have proliferated, it has become increasingly
   likely that users will encounter networks for which no
   preconfigured settings are available, yet which offer
   desired services and the ability to successfully authenticate
   with the user's home AAA server.  In such a situation,
   users can have difficulty in determining which network to
   connect to, and how to authenticate to that network.

   The problem arises when any of the following conditions are true:

   o  More than one network attachment point is available, and the
      attachment points differ in their roaming arrangements or
      access to services, or belong to operators which the
      network access client is not preconfigured for.
      In this case, a user may have difficulty determining
      what services are available at each network attachment point, and
      which attachment points it can successfully authenticate to.
      For example, the user may not have pre-configured an identity
      and associated credentials for use with a network, yet it is
      possible that the user's home AAA server is reachable from
      that network, enabling the user to successfully authenticate.
      While the local network's capabilities may be advertised,
      where access to the Internet is restricted, it can
      be difficult for the user to determine a priori what services
      will be available upon connection.

   o  The user has multiple sets of credentials.  Where no
      preconfiguration exists, it is possible that the user will
      not be able to determine which credentials to use with which
      attachment point, or even whether any credentials it possesses
      will allow it to authenticate successfully.  An
      identity and associated credentials can be usable for authentication
      with multiple networks, and not all of these networks will be
      preconfigured.  For example, the user could have one set of
      credentials from a public service provider and another set
      from an employer, and a network might enable authentication
      with one or more of these credentials.  Yet, without
      preconfiguration, multiple unsuccessful authentication attempts
      could be needed for each attachment point in order to determine
      what credentials are usable, wasting valuable time and
      resulting in user frustration.  In order to choose between multiple
      attachment points, it can be helpful to provide additional
      information to enable the correct credentials to be determined.

   o  There are multiple potential roaming paths between the visited
      realm and the user's home realm, and service parameters or pricing
      differs between them.  In this situation, there could be multiple
      ways for the user to successfully authenticate using the same
      identity and credentials, yet the cost of each approach might
      differ. In this case, the access network may not be
      able to determine the roaming path that best matches the user's
      preferences.  This can lead to the user being charged more than
      necessary, or not obtaining the desired services.  For example,
      the visited access realm could have both a direct relationship
      with the home realm and an indirect relationship through a roaming
      consortium.  Current Authentication, Authorization and Accounting
      (AAA) protocols may not be able to route the access request to the
      home AAA server purely based on the realm within the Network Access
      Identifier (NAI) [RFC4282].  In addition, payload packets can be
      routed or tunneled differently, based on the roaming relationship
      path.  This may have an impact on the available services or their
      pricing.

   In Section 2 the network discovery and selection problem is defined
   and divided into subproblems.  Some solution constraints are outlined
   in Section 3.  Section 4 provides conclusions and suggestions for
   future work.  Appendix A discusses existing solutions to portions of
   the problem."

Re: Issue: Section 1 Problem Statement
2007-05-24 13:43:14

This text works for me. thanks

 

 
Farooq Bari
farooq.bariatt.com

+1 425 580 5526
 


From: Bernard Aboba [mailto:bernard_abobahotmail.com]
Sent: Thursday, May 24, 2007 8:34 AM
To: Bari, Farooq; eapfrascone.com
Subject: RE: [eap] Issue: Section 1 Problem Statement

 

Oops, forgot about the QoS issue.  Here is another stab at it:

"1.  Introduction

   Today, network access clients are typically preconfigured
   with a list of access networks, and corresponding identities
   and credentials.  However, as network access mechanisms
   and operators have proliferated, it has become increasingly
   likely that users will encounter networks for which no
   preconfigured settings are available, yet which offer
   desired services and the ability to successfully authenticate
   with the user's home realm.  It is also possible that
   preconfigured settings will not be adequate in some situations.
   In such a situation, users can have difficulty in determining
   which network to connect to, and how to authenticate to that network.

   The problem arises when any of the following conditions are true:

   o  Within a single network, more than one network attachment point
      is available, and the attachment points differ in their roaming
      arrangements, or access to services.  While the link layer
      capabilities of a point of attachment may be advertised,
      higher layer capabilities such as roaming arrangements,
      end-to-end quality of service or Internet access
      restrictions may not be.  As a result, a user may have
      difficulty determining what services are
      available at each network attachment point, and which
      attachment points it can successfully authenticate to.
      For example, it is possible that a roaming agreement will
      only enable a user to authenticate to the home realm from
      some points of attachment, but not others.  Similarly, it
      is possible that access to the Internet may be restricted
      at some points of attachment, but not others or that
      end-to-end quality of service may not be available in all
      locations. In these situations, the network access client
      cannot assume that all points of attachment within a network
      offer identical capabilities.

   o  Multiple networks are available for which the user has no
      corresponding pre-configuration. The user may not
      have pre-configured an identity and associated credentials
      for use with a network, yet it is possible that the
      user's home realm is reachable from that network,
      enabling the user to successfully authenticate.
      However, unless the roaming arrangements are advertised,
      the network access client cannot determine a priori whether
      successful authentication is likely.  In this situation,
      it is possible that the user will need to try multiple
      networks in order to find one to which it can successfully
      authenticate, or it is possible that the user will not be
      able to obtain access at all, even though successful
      authentication is feasible.

   o  The user has multiple sets of credentials.  Where no
      preconfiguration exists, it is possible that the user will
      not be able to determine which credentials to use with which
      attachment point, or even whether any credentials it possesses
      will allow it to authenticate successfully.  An
      identity and associated credentials can be usable for authentication
      with multiple networks, and not all of these networks will be
      preconfigured.  For example, the user could have one set of
      credentials from a public service provider and another set
      from an employer, and a network might enable authentication
      with one or more of these credentials.  Yet, without
      preconfiguration, multiple unsuccessful authentication attempts
      could be needed for each attachment point in order to determine
      what credentials are usable, wasting valuable time and
      resulting in user frustration.  In order to choose between multiple
      attachment points, it can be helpful to provide additional
      information to enable the correct credentials to be determined.

   o  There are multiple potential roaming paths between the visited
      realm and the user's home realm, and service parameters or pricing
      differs between them.  In this situation, there could be multiple
      ways for the user to successfully authenticate using the same
      identity and credentials, yet the cost of each approach might
      differ. In this case, the access network may not be
      able to determine the roaming path that best matches the user's
      preferences.  This can lead to the user being charged more than
      necessary, or not obtaining the desired services.  For example,
      the visited access realm could have both a direct relationship
      with the home realm and an indirect relationship through a roaming
      consortium.  Current Authentication, Authorization and Accounting
      (AAA) protocols may not be able to route the access request to the
      home AAA server purely based on the realm within the Network Access
      Identifier (NAI) [RFC4282].  In addition, payload packets can be
      routed or tunneled differently, based on the roaming relationship
      path.  This may have an impact on the available services or their
      pricing.

   In Section 2 the network discovery and selection problem is defined
   and divided into subproblems.  Some solution constraints are outlined
   in Section 3.  Section 4 provides conclusions and suggestions for
   future work.  Appendix A discusses existing solutions to portions of
   the problem."

