In order to reduce the optionality, can we say:

- PAA MUST send lifetime (when infinity, it can send maxint).
- PaC SHOULD initiate re-auth before lifetime expires. A "should" because PaC may choose not to extend the authorization. Or we can make it a must with a conditional "if PaC wants to extend....".
- PAA MAY initiate re-auth. Now, this one does not have to be related to lifetime expiry, given that we put that burden on the PaC.

Does this make sense?

Alper

> -----Original Message-----
> From: MORAND Lionel RD-CORE-ISS [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 12, 2007 12:43 PM
> To: Alper Yegin; [email protected]
> Subject: [Pana] PAA initiating Re-authentication
>
> Hi,
>
> In section 5.7 Session Lifetime, it is stated:
>
> "The PAA MUST initiate the re-authentication phase before the current
> session lifetime expires."
>
> I can't figure out why there is a "MUST" in that case.
>
> As documented in the draft,
>
> - The session lifetime is not negotiable between the PAA and the PaC.
> - The session lifetime may be sent to the PaC. If not, the PaC considers
> the PANA session as unlimited.
> - Both PaC and PAA may initiate a re-authentication procedure regardless
> of the session lifetime.
>
> Could we just have the following principles:
>
> - If the session lifetime is sent to the PaC:
> The PaC should re-authenticate before the expiration of the session
> lifetime. Otherwise, the session is deleted by the PAA at the expiration
> of the session lifetime (and the PaC will purge related local state).
> The PAA may initiate a re-authentication procedure before the expiration
> of the session lifetime. Otherwise, the session is deleted by the PAA at
> the expiration of the session lifetime (and the PaC will purge related
> local state).
> Both PaC and PAA may initiate a re-authentication procedure regardless of
> the session lifetime.
>
> - If the session lifetime is sent to the PaC:
> The PAA may initiate a re-authentication procedure before the expiration
> of the session lifetime. Otherwise, the session is deleted at the
> expiration of the session lifetime.
> Both PaC and PAA may initiate a re-authentication procedure regardless of
> the session lifetime.
>
> With these principles, it is up to the PaC to maintain active its PANA
> session when informed by the network (PAA) of the authorized session
> lifetime.
> There is no strong requirement for the PAA/network point of view to . It
> is therefore up to the network operator to configure the PAA expected
> behaviour.
>
> Comments?
>
> Lionel
>
> > -----Original Message-----
> > From: Alper Yegin [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 5, 2007 10:06
> > To: [email protected]
> > Subject: [Pana] Review pana-pana-15a
> >
> > PANA specification is reviewed based on the last round of AD
> > comments (thanks Yoshi!).
> >
> > The spec is here:
> >
> > http://www.panasec.org/docs/editing/draft-ietf-pana-pana-15a.txt
> >
> > And its diff with the version that predates last round of AD comments
> > (-13):
> >
> > http://www.panasec.org/docs/editing/draft-ietf-pana-pana-15a-from-3.diff.html
> >
> > Please review the document and register your feedback by the
> > end of April 12, Thursday.
> >
> > Upon collecting and resolving any issues, the document will
> > proceed to IETF last call.
> >
> > Thanks
> >
> > Alper
> >
> > _______________________________________________
> > Pana mailing list
> > [email protected]
> > https://www1.ietf.org/mailman/listinfo/pana
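
The three rules proposed at the top of this thread, modelled as an added example that is not part of the original messages or of the PANA draft. It assumes a 32-bit unsigned lifetime in seconds with all ones as "maxint", that a successful re-authentication restarts the same lifetime, and a hypothetical PaC policy of starting re-auth one tenth of the lifetime before expiry.

```python
import math

# Assumption: lifetime travels as a 32-bit unsigned count of seconds, and
# "maxint" (all ones) is the value the PAA sends for an unlimited session.
MAXINT = 0xFFFFFFFF

def paa_encode_lifetime(seconds):
    """PAA MUST send a lifetime: None (unlimited) is encoded as MAXINT."""
    if seconds is None:
        return MAXINT
    if not 0 < seconds < MAXINT:
        raise ValueError("finite lifetime must be in 1..MAXINT-1")
    return seconds

def expiry(start, lifetime):
    """Absolute expiry time; the MAXINT sentinel never expires."""
    return math.inf if lifetime == MAXINT else start + lifetime

def pac_reauth_time(start, lifetime, wants_extension, lead_divisor=10):
    """PaC SHOULD re-auth before expiry, only if it wants to extend.

    Starting lifetime/lead_divisor seconds early is a hypothetical policy.
    """
    if not wants_extension or lifetime == MAXINT:
        return None
    return start + lifetime - max(1, lifetime // lead_divisor)

def session_alive(start, lifetime, reauths, now):
    """PAA view: is the session still present at `now`?

    `reauths` lists completion times of successful re-authentications from
    either side; each restarts the same lifetime (assumed). One that arrives
    at or after expiry is too late: the PAA has already deleted the session.
    """
    for t in sorted(reauths):
        if t > now:
            break
        if t >= expiry(start, lifetime):
            return False
        start = t
    return now < expiry(start, lifetime)
```

A PAA that never initiates re-auth itself still ends up with a bounded session here, because expiry is enforced on the PAA side whether or not the PaC acts.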
