RFC relevance of described

As per Relevance of the word described, we have this rfc below:

Network Working Group B.
Request for Comments: 2486
Category: Standards Track M.
WorldCom Advanced
January 1999

The Network Access

Status of this

This document specifies an Internet standards track protocol for
Internet community, and requests discussion and suggestions
improvements. Please refer to the current edition of the "
Official Protocol Standards" (STD 1) for the standardization
and status of this protocol. Distribution of this memo is unlimited

Copyright

Copyright (C) The Internet Society (1999). All Rights Reserved

1.

In order to enhance the interoperability of roaming and
services, it is desirable to have a standardized method
identifying users. This document proposes syntax for the
Access Identifier (NAI), the userID submitted by the client
PPP authentication. It is expected that this will be of interest
support of roaming as well as tunneling. "Roaming capability" may
loosely defined as the ability to use any one of multiple
service providers (ISPs), while maintaining a formal, customer-
relationship with only one. Examples of where roaming
might be required include ISP "confederations" and ISP-
corporate network access support

2.

Considerable interest has arisen recently in a set of features
fit within the general category of "roaming capability" for
Internet users. Interested parties have included

Regional Internet Service Providers (ISPs) operating within
particular state or province, looking to combine their
with those of other regional providers to offer dialup
over a wider area

Aboba & Beadles Standards Track [Page 1]

RFC 2486 The Network Access Identifier January 1999

National ISPs wishing to combine their operations with those
one or more ISPs in another nation to offer more
dialup service in a group of countries or on a continent

Businesses desiring to offer their employees a
package of dialup services on a global basis. Those
may include Internet access as well as secure access
corporate intranets via a Virtual Private Network (VPN),
by tunneling protocols such as PPTP, L2F, L2TP, and IPSEC
mode

In order to enhance the interoperability of roaming and
services, it is desirable to have a standardized method
identifying users. This document proposes syntax for the
Access Identifier (NAI). Examples of implementations that use
NAI, and descriptions of its semantics, can be found in [1].

2.1.

This document frequently uses the following terms

Network Access
The Network Access Identifier (NAI) is the userID
by the client during PPP authentication. In roaming,
purpose of the NAI is to identify the user as well as
assist in the routing of the authentication request
Please note that the NAI may not necessarily be the same
the user's e-mail address or the userID submitted in
application layer authentication

Network Access
The Network Access Server (NAS) is the device that
dial in order to get access to the network. In
terminology this is referred to as the PPTP
Concentrator (PAC), and in L2TP terminology, it is
to as the L2TP Access Concentrator (LAC).

Roaming
Roaming capability can be loosely defined as the ability
use any one of multiple Internet service providers (ISPs),
while maintaining a formal, customer-vendor
with only one. Examples of cases where roaming
might be required include ISP "confederations" and ISP
provided corporate network access support

Aboba & Beadles Standards Track [Page 2]

RFC 2486 The Network Access Identifier January 1999

Tunneling
A tunneling service is any network service enabled
tunneling protocols such as PPTP, L2F, L2TP, and
tunnel mode. One example of a tunneling service is
access to corporate intranets via a Virtual Private
(VPN).

2.2. Requirements

In this document, the key words "MAY", "MUST, "MUST NOT", "optional",
"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted
described in [9].

2.3.

As described in [1], there are now a number of services
dialup roaming, and the number of Internet Service Providers
in roaming consortia is increasing rapidly

In order to be able to offer roaming capability, one of
requirements is to be able to identify the user's home
server. For use in roaming, this function is accomplished via
Network Access Identifier (NAI) submitted by the user to the NAS
the initial PPP authentication. It is also expected that NASes
use the NAI as part of the process of opening a new tunnel, in
to determine the tunnel endpoint

2.4. Notes for

As proposed in this document, the Network Access Identifier is of
form user@realm. Please note that while the user portion of the
conforms to the BNF described in [5], the BNF of the realm
allows the realm to begin with a digit, which is not permitted by
BNF described in [4]. This change was made to reflect
practice; although not permitted by the BNF described in [4],
such as 3com.com are commonly used, and accepted by current software

Please note that NAS vendors may need to modify their devices so
to support the NAI as described in this document. Devices
NAIs MUST support an NAI length of at least 72 octets

3. Formal definition of the

The grammar for the NAI is given below, described in ABNF
documented in [7]. The grammar for the username is taken from [5],
and the grammar for the realm is an updated version of [4].

nai = username / ( username "@" realm )

Aboba & Beadles Standards Track [Page 3]

RFC 2486 The Network Access Identifier January 1999

username = dot-

realm = realm "."

label = let-dig * (ldh-str

ldh-str = *( Alpha / Digit / "-" ) let-

dot-string = string / ( dot-string "." string )

string = char / ( string char )

char = c / ( "\" x )

let-dig = Alpha /

Alpha = %x41-5A / %x61-7A ; A-Z / a-

Digit = %x30-39 ;0-9

c = < any one of the 128 ASCII characters,
not any special or SP >

x = %x00-7
; all 127 ASCII characters, no

SP = %x20 ; Space

special = "<" / ">" / "(" / ")" / "[" / "]" / "\" / "."
/ "," / ";" / ":" / "@" / %x22 /

Ctl = %x00-1F / %x7
; the control characters (ASCII codes 0 through 31
; inclusive and 127)

Examples of valid Network Access Identifiers include

fred@3com.
fred@foo-9.
fred_smith@big-co.
fred=?#$&*+-/^smith@bigco.
fred@bigco.
nancy@eng.bigu.
eng!nancy@bigu.
eng%nancy@bigu.

Aboba & Beadles Standards Track [Page 4]

RFC 2486 The Network Access Identifier January 1999

Examples of invalid Network Access Identifiers include

fred@
fred@foo_9.
@howard.
fred@bigco.com@smallco.
eng:nancy@bigu.
eng;nancy@bigu.
@bigu.

4.

[1] Aboba, B., Lu J., Alsop J., Ding J. and W. Wang, "Review
Roaming Implementations", RFC 2194, September 1997.

[2] Rigney C., Rubens A., Simpson W. and S. Willens, "
Authentication Dial In User Service (RADIUS)", RFC 2138,
1997.

[3] Rigney C., "RADIUS Accounting", RFC 2139, April 1997.

[4] Mockapetris, P., "Domain Names - Implementation
Specification", STD 13, RFC 1035, November 1987.

[5] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821,
August 1982.

[6] Gulbrandsen A. and P. Vixie, "A DNS RR for specifying
location of services (DNS SRV)", RFC 2052, October 1996.

[7] Crocker, D. and P. Overrell, "Augmented BNF for
Specifications: ABNF", RFC 2234, November 1997.

[8] Kent, S. and R. Atkinson, "Security Architecture for
Internet Protocol", RFC 2401, November 1998.

[9] Bradner, S., "Key words for use in RFCs to Indicate
Levels", BCP 14, RFC 2119, March 1997.

5. Security

Since an NAI reveals the home affiliation of a user, it may assist
attacker in further probing the username space. Typically
problem is of most concern in protocols which transmit the user
in clear-text across the Internet, such as in RADIUS, described
[2] and [3]. In order to prevent snooping of the user name
protocols may use confidentiality services provided by IPSEC
described in [8].

Aboba & Beadles Standards Track [Page 5]

RFC 2486 The Network Access Identifier January 1999

6. IANA

This document defines a new namespace that will need to
administered, namely the NAI realm namespace. In order to to
creating any new administrative procedures, administration of the
realm namespace will piggyback on the administration of the
namespace

NAI realm names are required to be unique and the rights to use
given NAI realm for roaming purposes are obtained coincident
acquiring the rights to use a particular fully qualified domain
(FQDN). Those wishing to use an NAI realm name should first
the rights to use the corresponding FQDN. Using an NAI realm
ownership of the corresponding FQDN creates the possibility
conflict and therefore is to be discouraged

Note that the use of an FQDN as the realm name does not imply use
the DNS for location of the authentication server or
authentication routing. Since to date roaming has been
on a relatively small scale, existing implementations
handle location of authentication servers within a domain and
authentication routing based on local knowledge expressed in
configuration files. The implementations described in [1] have
found a need for use of DNS for location of the authentication
within a domain, although this can be accomplished via use of the
SRV record, described in [6]. Similarly, existing
have not found a need for dynamic routing protocols, or
of global routing information. Note also that there is
requirement that the NAI represent a valid email address

7.

Thanks to Glen Zorn of Microsoft for many useful discussions
this problem space

Aboba & Beadles Standards Track [Page 6]

RFC 2486 The Network Access Identifier January 1999

8. Authors'

Bernard
Microsoft
One Microsoft
Redmond, WA 98052

Phone: 425-936-6605
EMail: bernarda@microsoft.

Mark A.
WorldCom Advanced
5000 Britton Rd
Hilliard, OH 43026

Phone: 614-723-1941
EMail: mbeadles@wcom.

Aboba & Beadles Standards Track [Page 7]

RFC 2486 The Network Access Identifier January 1999

9. Full Copyright

Copyright (C) The Internet Society (1999). All Rights Reserved

This document and translations of it may be copied and furnished
others, and derivative works that comment on or otherwise explain
or assist in its implementation may be prepared, copied,
and distributed, in whole or in part, without restriction of
kind, provided that the above copyright notice and this paragraph
included on all such copies and derivative works. However,
document itself may not be modified in any way, such as by
the copyright notice or references to the Internet Society or
Internet organizations, except as needed for the purpose
developing Internet standards in which case the procedures
copyrights defined in the Internet Standards process must
followed, or as required to translate it into languages other
English

The limited permissions granted above are perpetual and will not
revoked by the Internet Society or its successors or assigns

This document and the information contained herein is provided on
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE

Aboba & Beadles Standards Track [Page 8]

if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.

RFC documents can be found at I.E.T.F.

Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX