It makes sense! ;) For the PaC behavior, i think that a "If PaC wants... then PaC MUST" is acceptable. Ok for the behavior of the PAA. It MAY initiate the re-auth when it wants.
BR, Lionel > -----Message d'origine----- > De : Alper Yegin [mailto:[EMAIL PROTECTED] > Envoyé : jeudi 19 avril 2007 08:32 > À : MORAND Lionel RD-CORE-ISS; [email protected] > Objet : RE: [Pana] PAA initiating Re-authentication > > > In order to reduce the optionality, can we say: > > - PAA MUST send lifetime (when infinity, it can send maxint). > - PaC SHOULD initiate re-auth before lifetime expires. A > "should" because PaC may choose not to extend the > authorization. Or we can make it a must with a conditional > "if PaC wants to extend....". > - PAA MAY initiate re-auth. Now, this one does not have to be > related to lifetime expiry, given that we put that burden on the PaC. > > Does this make sense? > > Alper > > > > > > -----Original Message----- > > From: MORAND Lionel RD-CORE-ISS > > [mailto:[EMAIL PROTECTED] > > Sent: Thursday, April 12, 2007 12:43 PM > > To: Alper Yegin; [email protected] > > Subject: [Pana] PAA initiating Re-authentication > > > > Hi, > > > > In section 5.7 Session Lifetime, it is stated: > > > > "The PAA MUST initiate the re-authentication phase before > the current > > session lifetime expires." > > > > I can't figure out why there is a "MUST" in that case. > > > > As documented in the draft, > > > > - The session lifetime is not negociable between the PAA > and the PaC. > > - The session lifetime may be sent to the PaC. If not, the PaC > > considers the PANA session as unlimited. > > - Both PaC and PAA may initiate a re-authentication procedure > > regardless of the session lifetime. > > > > Could we just have the following principles: > > > > - If the session lifetime is sent to the PaC: > > The PaC should re-authenticate before the expiration of the session > > lifetime. Otherwise, the session is deleted by the PAA at the > > expiration of the session lifetime (and the PaC will purge > related local state). > > The PAA may initiate a re-authentication procedure before the > > expiration of the session lifetime. Otherwise, the session > is deleted > > by the PAA at the expiration of the session lifetime (and > the PaC will > > purge related local state). > > Both PaC and PAA may initiate a re-authentication procedure > regardless > > of the session lifetime. > > > > - If the session lifetime is sent to the PaC: > > The PAA may initiate a re-authentication procedure before the > > expiration of the session lifetime. Otherwise, the session > is deleted > > at the expiration of the session lifetime. > > Both PaC and PAA may initiate a re-authentication procedure > regardless > > of the session lifetime. > > > > > > With these principles, it is up to the PaC to maintain > active its PANA > > session when infomed by the network (PAA) of the authorized session > > lifetime. > > There is no strong requirement for the PAA/network point of > view to . > > It is therefore up to the network operator to configure the PAA > > expected behaviour. > > > > Comments? > > > > Lionel > > > > > > > -----Message d'origine----- > > > De : Alper Yegin [mailto:[EMAIL PROTECTED] Envoyé : jeudi 5 > > > avril 2007 10:06 À : [email protected] Objet : [Pana] Review > > > pana-pana-15a > > > > > > > > > PANA specification is reviewed based on the last round of AD > > > comments (thanks Yoshi!). > > > > > > The spec is here: > > > > > > http://www.panasec.org/docs/editing/draft-ietf-pana-pana-15a.txt > > > > > > And it's diff with the version that predates last round of AD > > > comments > > > (-13): > > > > > > http://www.panasec.org/docs/editing/draft-ietf-pana-pana-15a-f > > > rom-3.diff.htm > > > l > > > > > > Please review the document and register your feedback by > the end of > > > April 12, Thursday. > > > > > > Upon collecting and resolving any issues, the document > will proceed > > > to IETF last call. > > > > > > Thanks > > > > > > Alper > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Pana mailing list > > > [email protected] > > > https://www1.ietf.org/mailman/listinfo/pana > > > > > _______________________________________________ Pana mailing list [email protected] https://www1.ietf.org/mailman/listinfo/pana
