RFC 3182 (rfc3182) - Page 2 of 18
Identity Representation for RSVP
Alternative Format: Original Text Document
RFC 3182 Identity Representation for RSVP October 2001
1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].
2. Introduction
RSVP [RFC 2205] is a resource reservation setup protocol designed for
an integrated services Internet [RFC 1633]. RSVP is used by a host
to request specific quality of service (QoS) from the network for
particular application data streams or flows. RSVP is also used by
routers to deliver QoS requests to all nodes along the path(s) of the
flows and to establish and maintain state to provide the requested
service. RSVP requests will generally result in resources being
reserved in each node along the data path. RSVP allows particular
users to obtain preferential access to network resources, under the
control of an admission control mechanism. Permission to make a
reservation is based both upon the availability of the requested
resources along the path of the data and upon satisfaction of policy
rules. Providing policy based admission control mechanism based on
user identity or application is one of the prime requirements.
In order to solve these problems and implement identity based policy
control it is required to identify the user and/or application making
a RSVP request.
This document proposes a mechanism for sending identification
information in the RSVP messages and enables authorization decisions
based on policy and identity.
We describe the authentication policy element (AUTH_DATA) contained
in the POLICY_DATA object. User process can generate an AUTH_DATA
policy element and gives it to RSVP process (service) on the
originating host. RSVP service inserts AUTH_DATA into the RSVP
message to identify the owner (user and/or application) making the
request for network resources. Network elements, such as routers,
authenticate request using the credentials presented in the AUTH_DATA
and admit the RSVP message based on admission policy. After a
request has been authenticated, first hop router installs the RSVP
state and forwards the new policy element returned by the Policy
Decision Point (PDP) [POL-FRAME].
Yadav, et al. Standards Track