Data Types in the Remote Authentication Dial-In User Service Protocol (RADIUS)
draft-dekok-radext-datatypes-00
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
|
|
|---|---|---|---|
| Author | Alan DeKok | ||
| Last updated | 2013-01-31 | ||
| Replaced by | draft-ietf-radext-datatypes, RFC 8044 | ||
| RFC stream | (None) | ||
| Formats | |||
| Additional resources | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-dekok-radext-datatypes-00
Network Working Group DeKok, Alan
INTERNET-DRAFT FreeRADIUS
Updates: 2865,6158
Category: Standards Track
<draft-dekok-radext-datatypes-00.txt>
30 January 2013
Data Types in the Remote Authentication
Dial-In User Service Protocol (RADIUS)
draft-dekok-radext-datatypes-00.txt
Abstract
RADIUS specifications have used data types for two decades, without
defining them as managed concepts. This document names the data
types defined in [RFC6158], and used since at least [RFC2865]. It
provides an IANA registry for the data types, and updates teh RADIUS
Attribute Type registry to include a "data type" field for each
attribute.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 8, 2013.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
DeKok, Alan Standards Track [Page 1]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
DeKok, Alan Standards Track [Page 2]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
Table of Contents
1. Introduction ............................................. 4
1.1. Requirements Language ............................... 4
2. Data Type Definitions .................................... 5
2.1. Integer ............................................. 5
2.2. Enum ................................................ 6
2.3. IPv4addr ............................................ 6
2.4. Date ................................................ 7
2.5. Text ................................................ 7
2.6. String .............................................. 8
2.7. Ifid ................................................ 9
2.8. IPv6addr ............................................ 9
2.9. IPv6prefix .......................................... 10
2.10. Integer64 .......................................... 11
2.11. TLV ................................................ 11
2.12. EVS ................................................ 13
3. Updated Registries ....................................... 14
3.1. Create a Data Type Registry ......................... 14
3.2. Updates to the Attribute Type Registry .............. 15
4. Suggestions for Authors .................................. 19
5. Security Considerations .................................. 20
6. IANA Considerations ...................................... 20
7. References ............................................... 20
7.1. Normative References ................................ 20
7.2. Informative References .............................. 20
DeKok, Alan Standards Track [Page 3]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
1. Introduction
RADIUS specifications have historically defined attributes in terms
of name, type value, and data type. Of these three pieces of
information, only the type value is managed by IANA. There is no
management of, or restriction on the attribute name, as discussed in
[EXTEN] Section 2.7.1. Similarly, [RFC6158] introduces the concept
of the "data type" in RADIUS, but defines them descriptively. The
data types are not given names, and no encoding format is given for
them.
This document gives names to data types, and defines encoding for
them. These names can be used in future RADIUS specifications. In
addition, we create an IANA registry which manages these data types,
and update the IANA RADIUS Attribute Type registry to include a data
type for each attribute.
This document also clarifies ambiguities in existing specifications.
For example, [RFC2865] defines attributes of data type "address" to
carry IPv4 addresses, and [RFC3162] defines attributes of data type
"Address" to cary IPv6 addresses. Despite the difference in case,
the use of the word "address" to refer to disparate data types is
problematic.
The goal of this specification is to regularize two decades of RADIUS
practice. RADIUS implementations have traditionally used
dictionaries to map attribute names to type values, and to define
data types for each attribute. However, RADIUS specifications have
not defined the data types or their names. This document addresses
that difference.
This document requires no changes to any RADIUS implementation, past,
present, or future. It is instead intended to document existing
practice, to simplify the process of writing RADIUS specifications,
to clarify the interpretation of RADIUS standards, and to improve the
communication between specification authors and IANA.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
DeKok, Alan Standards Track [Page 4]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
2. Data Type Definitions
This section defines the new data types. For each data type, it
gives a definition, a name, a number, a length, and an encoding
format. We reiterate that these definitions have no impact on
existing RADIUS implementations. There is no requirement that
implementations use these names.
Where possible, the name of each data type has been taken from
previous specifications. In some cases, a different name has been
chosen. The change of name is required to avoid ambiguity (i.e.
"address" versus "Address"). Otherwise, the new name has been chosen
to be compatible with use in common implementations. In some cases,
new names are chosen to clarify the interpretation of the data type.
The numbers assigned here have no meaning other than to permit the
data types to be tracked by IANA.
The encoding of each data type is taken from previous specifications.
The fields are transmitted from left to right.
The data types are given below in arbitrary order. There is no
particular reason to choose one order over another.
We do not create specific data types for the "tagged" attributes, as
defined in [RFC2868]. That specification defines the "tagged"
attributes as being backwards compatible with pre-existing data
types. In addition, [RFC6158] Section 2.1 says that "tagged"
attributes should not be used. There is therefore no benefit to
defining additional data types for these attributes.
2.1. Integer
The "integer" data type encodes a 32-bit unsigned integer in network
byte order. Where the range of values for a particular attribute is
limited to a sub-set of the values, specifications MUST define the
valid range.
Name
integer
Number
1
Length
DeKok, Alan Standards Track [Page 5]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
Four octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.2. Enum
The "enum" data type encodes a 32-bit unsigned integer in network
byte order. It differs from the "integer" data type only in that it
is used to define enumerated types, such as with Service-Type.
Name
integer
Number
2
Length
Four octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.3. IPv4addr
The "ipv4addr" data type encodes an IPv4 address in network byte
order.
Name
ipv4addr
Number
DeKok, Alan Standards Track [Page 6]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
3
Length
Four octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.4. Date
The "date" data type encodes time as a 32-bit unsigned value in
network byte order and in seconds since 00:00:00 UTC, January 1,
1970.
Name
date
Number
4
Length
Four octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Date |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.5. Text
The "text" data type encodes UTF-8 text [RFC3629]. The maximum
length of the text is given by the encapsulating attribute. Where
the length for a particular attribute is limited, specifications MUST
define a maximum length.
DeKok, Alan Standards Track [Page 7]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
Name
text
Number
5
Length
One or more octets.
Format
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-
| Value ...
+-+-+-+-+-+-+-+-
2.6. String
The "string" data type encodes binary data, including opaque
encapsulation of data structures defined outside of RADIUS. Where
the length for a particular attribute is limited, specifications MUST
define a maximum length.
Name
string
Number
6
Length
One or more octets.
Format
0
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-
| Value ...
+-+-+-+-+-+-+-+-
DeKok, Alan Standards Track [Page 8]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
2.7. Ifid
The "ifid" data type encodes an Interface-Id as an 8-octet string in
network byte order.
Name
ifid
Number
7
Length
Eight octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Interface-ID ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Interface-ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.8. IPv6addr
The "ipv6addr" data type encodes an IPv6 address in network byte
order.
Name
ipv6addr
Number
8
Length
Sixteen octets
Format
0 1 2 3
DeKok, Alan Standards Track [Page 9]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Address ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.9. IPv6prefix
The "ipv6addr" data type encodes an IPv6 prefix, using both a prefix
and an IPv6 address in network byte order.
Name
ipv6prefix
Number
9
Length
Eighteen octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Prefix-Length | Prefix ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Prefix ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Prefix ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Prefix |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Subfields
Reserved
This field, which is reserved and MUST be present, is always
DeKok, Alan Standards Track [Page 10]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
set to zero.
Prefix-Length
The length of the prefix, in bits. At least 0 and no larger
than 128.
Prefix
The Prefix field is up to 16 octets in length. Bits outside of
the Prefix-Length, if included, must be zero.
2.10. Integer64
The "integer64" data type encodes a 64-bit unsigned integer in
network byte order. Where the range of values for a particular
attribute is limited to a sub-set of the values, specifications MUST
define the valid range.
Name
integer64
Number
10
Length
Eight octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Value |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2.11. TLV
The "tlv" data type encodes a type-length-value, as defined in
[EXTEN] Section 2.3.
DeKok, Alan Standards Track [Page 11]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
Name
tlv
Number
11
Length
Three or more octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV-Type | TLV-Length | TLV-Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Subfields
TLV-Type
This field is one octet. Up-to-date values of this field are
specified according to the policies and rules described in
[EXTEN] Section 10. Values 254-255 are "Reserved" for use by
future extensions to RADIUS. The value 26 has no special
meaning, and MUST NOT be treated as a Vendor Specific
attribute.
The TLV-Type is meaningful only within the context defined by
"Type" fields of the encapsulating Attributes, using the
dotted-number notation introduced in [EXTEN].
A RADIUS server MAY ignore Attributes with an unknown "TLV-
Type".
A RADIUS client MAY ignore Attributes with an unknown "TLV-
Type".
A RADIUS proxy SHOULD forward Attributes with an unknown "TLV-
Type" verbatim.
TLV-Length
The TLV-Length field is one octet, and indicates the length of
this TLV including the TLV-Type, TLV-Length and TLV-Value
DeKok, Alan Standards Track [Page 12]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
fields. It MUST have a value between 3 and 255. If a client
or server receives a TLV with an invalid TLV-Length, then the
attribute which encapsulates that TLV MUST be considered to be
an "invalid attribute", and handled as per [EXTEN] Section 2.8.
TLV-Value
The Value field is one or more octets and contains information
specific to the Attribute. The format and length of the TLV-
Value field is determined by the TLV-Type and TLV-Length
fields.
It is RECOMMENDED that TLVs contain only well-known RADIUS data
types.
2.12. EVS
The "evs" data type encodes an "extended vendor-specific" attribute,
as given in [EXTEN] Section 2.4
Name
evs
Number
12
Length
Six or more octets
Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor-Type | String ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Subfields
Vendor-Id
The 4 octets are the Network Management Private Enterprise Code
DeKok, Alan Standards Track [Page 13]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
[PEN] of the Vendor in network byte order.
Vendor-Type
The Vendor-Type field is one octet. Values are assigned at the
sole discretion of the Vendor.
String
The String field is one or more octets. It SHOULD encapsulate
a previously defined RADIUS data type. Non-standard data types
SHOULD NOT be used. We note that the Value field may be of
data type "tlv". However, it MUST NOT be of data type "evs",
as the use cases are unclear for one vendor delegating
Attribute Type space to another vendor.
The actual format of the information is site or application
specific, and a robust implementation SHOULD support the field
as undistinguished octets. We recognise that Vendors have
complete control over the contents and format of the Value
field, while at the same time recommending that good practices
be followed.
Further codification of the range of allowed usage of this
field is outside the scope of this specification.
3. Updated Registries
This section defines a new IANA registry for RADIUS data types, and
updates the existing RADIUS Attribute Type registry.m
3.1. Create a Data Type Registry
This section defines a new RADIUS registry, called "Data Type".
Allocation in this registry requires IETF Review. The "Registration
Procedures" for this registry are "Standards Action".
The registry contains three columns of data, as follows.
Value
The number of the data type.
Description
The name of the data type.
DeKok, Alan Standards Track [Page 14]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
Reference
The specification where the data type was defined.
The initial contents of the registry are as follows.
Value Description Reference
----- ----------- ----------------
1 integer [RFC2865], TBD
2 enum [RFC2865], TBD
3 ipv4addr [RFC2865], TBD
4 date [RFC2865], TBD
5 text [RFC2865], TBD
6 string [RFC2865], TBD
7 ifid [RFC3162], TBD
8 ipv6addr [RFC3162], TBD
9 ipv6prefix [RFC3162], TBD
10 integer64 [EXTEN], TBD
11 tlv [EXTEN], TBD
12 evs [EXTEN], TBD
3.2. Updates to the Attribute Type Registry
This section updates the RADIUS Attribute Type Registry to have a new
column, which is inserted in between the existing "Description" and
"Reference" columns. The new column is named "Data Type". The
contents of that column are the name of a data type, corresponding to
the attribute in that row, or blank if the attribute type is
unassigned. The name of the data type is taken from the RADIUS Data
Type registry, defined above.
Value Description Data Type
----- ---------------------------------------- ---------
1 User-Name text
2 User-Password text
3 CHAP-Password string
4 NAS-IP-Address ipaddr
5 NAS-Port integer
6 Service-Type enum
7 Framed-Protocol enum
8 Framed-IP-Address ipaddr
9 Framed-IP-Netmask ipaddr
10 Framed-Routing enum
11 Filter-Id text
12 Framed-MTU integer
13 Framed-Compression enum
14 Login-IP-Host ipaddr
15 Login-Service enum
DeKok, Alan Standards Track [Page 15]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
16 Login-TCP-Port enum
18 Reply-Message text
19 Callback-Number text
20 Callback-Id text
22 Framed-Route text
23 Framed-IPX-Network ipaddr
24 State string
25 Class string
26 Vendor-Specific string
27 Session-Timeout integer
28 Idle-Timeout integer
29 Termination-Action enum
30 Called-Station-Id text
31 Calling-Station-Id text
32 NAS-Identifier text
33 Proxy-State string
34 Login-LAT-Service text
35 Login-LAT-Node text
36 Login-LAT-Group string
37 Framed-AppleTalk-Link integer
38 Framed-AppleTalk-Network integer
39 Framed-AppleTalk-Zone text
40 Acct-Status-Type enum
41 Acct-Delay-Time integer
42 Acct-Input-Octets integer
43 Acct-Output-Octets integer
44 Acct-Session-Id text
45 Acct-Authentic enum
46 Acct-Session-Time integer
47 Acct-Input-Packets integer
48 Acct-Output-Packets integer
49 Acct-Terminate-Cause enum
50 Acct-Multi-Session-Id text
51 Acct-Link-Count integer
52 Acct-Input-Gigawords integer
53 Acct-Output-Gigawords integer
55 Event-Timestamp date
56 Egress-VLANID integer
57 Ingress-Filters enum
58 Egress-VLAN-Name text
59 User-Priority-Table string
60 CHAP-Challenge string
61 NAS-Port-Type enum
62 Port-Limit integer
63 Login-LAT-Port text
64 Tunnel-Type enum
65 Tunnel-Medium-Type enum
66 Tunnel-Client-Endpoint text
DeKok, Alan Standards Track [Page 16]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
67 Tunnel-Server-Endpoint text
68 Acct-Tunnel-Connection text
69 Tunnel-Password text
70 ARAP-Password string
71 ARAP-Features string
72 ARAP-Zone-Access enum
73 ARAP-Security integer
74 ARAP-Security-Data text
75 Password-Retry integer
76 Prompt enum
77 Connect-Info text
78 Configuration-Token text
79 EAP-Message string
80 Message-Authenticator string
81 Tunnel-Private-Group-Id text
82 Tunnel-Assignment-Id text
83 Tunnel-Preference integer
84 ARAP-Challenge-Response string
85 Acct-Interim-Interval integer
86 Acct-Tunnel-Packets-Lost integer
87 NAS-Port-Id text
88 Framed-Pool text
89 Chargeable-User-Identity text
90 Tunnel-Client-Auth-Id text
91 Tunnel-Server-Auth-Id text
92 NAS-Filter-Rule text
95 NAS-IPv6-Address ipv6addr
96 Framed-Interface-Id ifid
97 Framed-IPv6-Prefix ipv6prefix
98 Login-IPv6-Host ipv6addr
99 Framed-IPv6-Route text
100 Framed-IPv6-Pool text
101 Error-Cause enum
102 EAP-Key-Name text
103 Digest-Response text
104 Digest-Realm text
105 Digest-Nonce text
106 Digest-Response-Auth text
107 Digest-Nextnonce text
108 Digest-Method text
109 Digest-URI text
110 Digest-Qop text
111 Digest-Algorithm text
112 Digest-Entity-Body-Hash text
113 Digest-CNonce text
114 Digest-Nonce-Count text
115 Digest-Username text
116 Digest-Opaque text
DeKok, Alan Standards Track [Page 17]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
117 Digest-Auth-Param text
118 Digest-AKA-Auts text
119 Digest-Domain text
120 Digest-Stale text
121 Digest-HA1 text
122 SIP-AOR text
123 Delegated-IPv6-Prefix ipv6prefix
124 MIP6-Feature-Vector string
125 MIP6-Home-Link-Prefix ipv6prefix
126 Operator-Name text
127 Location-Information string
128 Location-Data string
129 Basic-Location-Policy-Rules string
130 Extended-Location-Policy-Rules string
131 Location-Capable enum
132 Requested-Location-Info enum
133 Framed-Management enum
134 Management-Transport-Protection enum
135 Management-Policy-Id text
136 Management-Privilege-Level integer
137 PKM-SS-Cert string
138 PKM-CA-Cert string
139 PKM-Config-Settings string
140 PKM-Cryptosuite-List string
141 PKM-SAID string
142 PKM-SA-Descriptor string
143 PKM-Auth-Key string
144 DS-Lite-Tunnel-Name text
145 Mobile-Node-Identifier string
146 Service-Selection text
147 PMIP6-Home-LMA-IPv6-Address ipv6addr
148 PMIP6-Visited-LMA-IPv6-Address ipv6addr
149 PMIP6-Home-LMA-IPv4-Address ipaddr
150 PMIP6-Visited-LMA-IPv4-Address ipaddr
151 PMIP6-Home-HN-Prefix ipv6prefix
152 PMIP6-Visited-HN-Prefix ipv6prefix
153 PMIP6-Home-Interface-ID ifid
154 PMIP6-Visited-Interface-ID ifid
155 PMIP6-Home-IPv4-HoA ipv4prefix
156 PMIP6-Visited-IPv4-HoA ipv4prefix
157 PMIP6-Home-DHCP4-Server-Address ipaddr
158 PMIP6-Visited-DHCP4-Server-Address ipaddr
159 PMIP6-Home-DHCP6-Server-Address ipv6addr
160 PMIP6-Visited-DHCP6-Server-Address ipv6addr
161 PMIP6-Home-IPv4-Gateway ipaddr
162 PMIP6-Visited-IPv4-Gateway ipaddr
DeKok, Alan Standards Track [Page 18]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
4. Suggestions for Authors
We suggest that these data types be used in new RADIUS
specifications. Attributes can usually be completely described
through their Attribute Type code, name, and data type. The use of
"ASCII art" to describe attributes is becomes less required.
Use of the new extended attributes [EXTEN] makes ASCII art even more
problematic. An attribute can be allocated from the standard space,
or from one of the extended spaces. This allocation decision is made
after the specification has been accepted for publication, which
makes it difficult to create the correct ASCII art. Allocation from
the different spaces also changes the value of the Length field,
making it difficult to define it clearly prior to final publication
of the document.
The following fields SHOULD be given when defining new attributes:
Description
A description of the meaning and interpretation of the attribute.
Type
The Attribute Type code, given in the "dotted number" notation
from [EXTEN]. Most specifications can leave this as "TBD", and
rely on IANA to fill in the correct values.
Length
A description of the length of the attribute. For attributes of
data type "text" or "string", a maximum length SHOULD be given.
Data Type
One of the named Data Types from Section X.Y, above.
Value
A description of any attribute-specific limitations on the values
carried by the specified data type. If there are no attribute-
specific limitations, then the description of this field can be
omitted.
For attributes of type "integer" or "integer64", where the values
are limited to a subset of the possible range, minimum and maximum
values MUST be defined.
DeKok, Alan Standards Track [Page 19]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
For attributes of data type "enum", a list of enumerated values
and names is given, as with [RFC2865] Section 5.6.
5. Security Considerations
This specification is concerned solely with updates to IANA
registries. As such, there are no security considerations.
6. IANA Considerations
IANA is instructed to create one new registry as described above in
Section X.Y. The "TBD" text in that section should be replaced with
the RFC number of this document when it is published.
IANA is instructed to update the RADIUS Attribute Type registry, as
described above in Section X.Y.
IANA is instructed to require that all future allocations in the
RADIUS Attribute Type Registry contain a "data type" field, using one
of the names defined in the RADIUS Data Type registrty.
7. References
7.1. Normative References
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March, 1997.
[RFC2865]
Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC3629]
Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC
3629, November 2003.
[RFC6158]
DeKok, A., and Weber, G., "RADIUS Design Guidelines", RFC 6158,
March 2011.
7.2. Informative References
[RFC2868]
Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M., and I.
Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868,
June 2000.
DeKok, Alan Standards Track [Page 20]
INTERNET-DRAFT Data Types in RADIUS 30 January 2013
[RFC3162]
Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", RFC 3162,
August 2001.
[EXTEN]
DeKok, A., and Lior, A., "Remote Authentication Dial In User
Service (RADIUS) Protocol Extensions", draft-ietf-radext-radius-
extensions-04.txt (work in progress), January 2013.
[PEN]
http://www.iana.org/assignments/enterprise-numbers
Acknowledgments
Stuff
Authors' Addresses
Alan DeKok
The FreeRADIUS Server Project
Email: aland@freeradius.org
DeKok, Alan Standards Track [Page 21]