Network Working Group L-N. Hamer
Request for Comments: 3521 B. Gage
Category: Informational Nortel Networks
H. Shieh
AT&T Wireless
April 2003
Network Working Group L-N. Hamer
Request for Comments: 3521 B. Gage
Category: Informational Nortel Networks
H. Shieh
AT&T Wireless
April 2003
Framework for Session Set-up with Media Authorization
使用媒体授权设置会话的框架
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
Abstract
摘要
Establishing multimedia streams must take into account requirements for end-to-end QoS, authorization of network resource usage and accurate accounting for resources used. During session set up, policies may be enforced to ensure that the media streams being requested lie within the bounds of the service profile established for the requesting host. Similarly, when a host requests resources to provide a certain QoS for a packet flow, policies may be enforced to ensure that the required resources lie within the bounds of the resource profile established for the requesting host.
建立多媒体流必须考虑端到端QoS的要求、网络资源使用的授权以及对所用资源的准确核算。在会话设置期间,可以实施策略以确保被请求的媒体流位于为请求主机建立的服务配置文件的范围内。类似地,当主机请求资源以提供分组流的特定QoS时,可以实施策略以确保所需资源位于为请求主机建立的资源简档的边界内。
To prevent fraud and to ensure accurate billing, this document describes various scenarios and mechanisms that provide the linkage required to verify that the resources being used to provide a requested QoS are in-line with the media streams requested (and authorized) for the session.
为了防止欺诈和确保准确计费,本文档描述了各种场景和机制,这些场景和机制提供了验证用于提供请求的QoS的资源是否与会话请求(和授权)的媒体流一致所需的链接。
Table of Contents
目录
1. Introduction....................................................2
2. Conventions used in this document...............................3
3. Definition of terms.............................................4
4. The Coupled Model...............................................5
4.1 Coupled Model Message Flows...............................6
4.2 Coupled Model Authorization Token.........................8
4.3 Coupled Model Protocol Impacts............................8
5. The Associated Model <<using One Policy Server>>................8
5.1 Associated Model Message Flows
<<using One Policy Server>>...............................9
5.2 Associated Model Authorization Token
<<using One Policy Server>>..............................11
5.3 Associated Model Protocol Impacts
<<using One Policy Server>>..............................11
5.4 Associated Model Network Impacts
<<using One Policy Server>>..............................12
6. The Associated Model <<using Two Policy Servers>>..............12
6.1 Associated Model Message Flows
<<using Two Policy Servers>>.............................13
6.2 Associated Model Authorization Token
<<using Two Policy Servers>>.............................15
6.3 Associated Model Protocol Impacts
<<using Two Policy Servers>>.............................16
7. The Non-Associated Model........................................16
7.1 Non-Associated Model Message Flow........................17
7.2 Non-Associated Model Authorization Token.................19
7.3 Non-Associated Model Protocol Impacts....................19
8. Conclusions....................................................20
9. Security Considerations........................................21
10. Normative References...........................................22
11. Informative References.........................................23
12. Acknowledgments................................................23
13. Authors' Addresses.............................................24
14. Full Copyright Statement.......................................25
1. Introduction....................................................2
2. Conventions used in this document...............................3
3. Definition of terms.............................................4
4. The Coupled Model...............................................5
4.1 Coupled Model Message Flows...............................6
4.2 Coupled Model Authorization Token.........................8
4.3 Coupled Model Protocol Impacts............................8
5. The Associated Model <<using One Policy Server>>................8
5.1 Associated Model Message Flows
<<using One Policy Server>>...............................9
5.2 Associated Model Authorization Token
<<using One Policy Server>>..............................11
5.3 Associated Model Protocol Impacts
<<using One Policy Server>>..............................11
5.4 Associated Model Network Impacts
<<using One Policy Server>>..............................12
6. The Associated Model <<using Two Policy Servers>>..............12
6.1 Associated Model Message Flows
<<using Two Policy Servers>>.............................13
6.2 Associated Model Authorization Token
<<using Two Policy Servers>>.............................15
6.3 Associated Model Protocol Impacts
<<using Two Policy Servers>>.............................16
7. The Non-Associated Model........................................16
7.1 Non-Associated Model Message Flow........................17
7.2 Non-Associated Model Authorization Token.................19
7.3 Non-Associated Model Protocol Impacts....................19
8. Conclusions....................................................20
9. Security Considerations........................................21
10. Normative References...........................................22
11. Informative References.........................................23
12. Acknowledgments................................................23
13. Authors' Addresses.............................................24
14. Full Copyright Statement.......................................25
Various mechanisms have been defined through which end hosts can use a session management protocol (e.g., SIP [6]) to indicate that QoS requirements must be met in order to successfully set up a session. However, a separate protocol (e.g., RSVP [7]) is used to request the resources required to meet the end-to-end QoS of the media stream. To prevent fraud and to ensure accurate billing, some linkage is
已经定义了各种机制,通过这些机制,终端主机可以使用会话管理协议(例如,SIP[6])来指示必须满足QoS要求才能成功地建立会话。然而,使用单独的协议(例如,RSVP[7])来请求满足媒体流的端到端QoS所需的资源。为了防止欺诈和确保准确的账单,需要进行一些链接
required to verify that the resources being used to provide the requested QoS are in-line with the media streams requested (and authorized) for the session.
需要验证用于提供请求的QoS的资源是否与会话请求(和授权)的媒体流一致。
This document describes such a linkage through use of a "token" that provides capabilities similar to that of a gate in [12] and of a ticket in the push model of [10]. The token is generated by a policy server (or a session management server) and is transparently relayed through the end host to the edge router where it is used as part of the policy-controlled flow admission process.
本文档描述了通过使用“令牌”实现的这种链接,该令牌提供了类似于[12]中的门和[10]推送模型中的票证的功能。令牌由策略服务器(或会话管理服务器)生成,并通过终端主机透明地中继到边缘路由器,在那里它被用作策略控制流许可过程的一部分。
In some environments, authorization of media streams can exploit the fact that pre-established relationships exist between elements of the network (e.g., session management servers, edge routers, policy servers and end hosts). Pre-established relationships assume that the different network elements are configured with the identities of the other network elements and, if necessary, are configured with security keys, etc. required to establish a trust relationship. In other environments, however, such pre-established relationships may not exist either due to the complexity of creating these associations a priori (e.g., in a network with many elements), or due to the different business entities involved (e.g., service provider and access provider), or due to the dynamic nature of these associations (e.g., in a mobile environment).
在某些环境中,媒体流的授权可以利用网络元素(例如,会话管理服务器、边缘路由器、策略服务器和终端主机)之间存在预先建立的关系这一事实。预先建立的关系假定不同的网络元件配置有其他网络元件的标识,并且在必要时配置有建立信任关系所需的安全密钥等。然而,在其他环境中,由于事先创建这些关联的复杂性(例如,在具有许多元素的网络中),或者由于所涉及的不同商业实体(例如,服务提供商和接入提供商),或者由于这些关联的动态性,可能不存在这种预先建立的关系(例如,在移动环境中)。
In this document, we describe these various scenarios and the mechanisms used for exchanging information between network elements in order to authorize the use of resources for a service and to coordinate actions between the session and resource management entities. Specific extensions to session management protocols (e.g., SIP [6], H.323), to resource reservation protocols (e.g., RSVP [4], YESSIR) and to policy management protocols (e.g., COPS-PR [9], COPS-RSVP [3]) required to realize these scenarios and mechanisms are beyond the scope of this document.
在本文档中,我们描述了这些不同的场景和用于在网元之间交换信息的机制,以便授权使用服务的资源,并协调会话和资源管理实体之间的操作。实现这些场景和机制所需的会话管理协议(如SIP[6],H.323)、资源预留协议(如RSVP[4],YESSIR)和策略管理协议(如COPS-PR[9],COPS-RSVP[3])的特定扩展超出了本文件的范围。
For clarity, this document will illustrate the media authorization concepts using SIP for session signalling, RSVP for resource reservation and COPS for interaction with the policy servers. Note, however, that the framework could be applied to a multimedia services scenario using different signalling protocols.
为清楚起见,本文档将说明使用SIP进行会话信令、使用RSVP进行资源预留以及使用COP与策略服务器交互的媒体授权概念。然而,请注意,该框架可以应用于使用不同信令协议的多媒体服务场景。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [1].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照BCP 14、RFC 2119[1]中的描述进行解释。
Figure 1 introduces a generic model for session establishment, QoS and policy enforcement.
图1介绍了会话建立、QoS和策略实施的通用模型。
+-------------------------------------+ +---+
| SCD - Service Control Domain | | |
| +-----------------------+ +--------+| | I |
| |Session management | |Policy || | n |
| |server | |Server || | t |
| | +---------+ +------+ | | +----+||<->| e |
| | |SIP Proxy| |PEP |<-|-|->|PDP ||| | r |
| | +---------+ +------+ | | +----+|| | - |
| +-----------------------+ +--------+| | c |
| | | o |
+-------------------------------------+ | n |
| n |
+-------------------------------------+ | e |
| RCD - Resource Control Domain | | c |
| | | t |
| | | i |
| +------------+ +-------------+ | | n |
+----------+ | |Edge Router | |Policy Server| | | g |
| End | | | | | | | | |
| Host | | |+----------+| |+----------+ | | | N |
|+--------+| | ||RSVP Agent|| ||PDP | | | | e |
||RSVP ||<->| |+----------+|<-->|+----------+ | |<->| t |
||Client || | |+----------+| | | | | w |
|+--------+| | || PEP || | | | | o |
||SIP User|| | |+----------+| | | | | r |
||Agent || | +------------+ +-------------+ | | k |
|+--------+| | | | |
+----------+ +-------------------------------------+ +---+
+-------------------------------------+ +---+
| SCD - Service Control Domain | | |
| +-----------------------+ +--------+| | I |
| |Session management | |Policy || | n |
| |server | |Server || | t |
| | +---------+ +------+ | | +----+||<->| e |
| | |SIP Proxy| |PEP |<-|-|->|PDP ||| | r |
| | +---------+ +------+ | | +----+|| | - |
| +-----------------------+ +--------+| | c |
| | | o |
+-------------------------------------+ | n |
| n |
+-------------------------------------+ | e |
| RCD - Resource Control Domain | | c |
| | | t |
| | | i |
| +------------+ +-------------+ | | n |
+----------+ | |Edge Router | |Policy Server| | | g |
| End | | | | | | | | |
| Host | | |+----------+| |+----------+ | | | N |
|+--------+| | ||RSVP Agent|| ||PDP | | | | e |
||RSVP ||<->| |+----------+|<-->|+----------+ | |<->| t |
||Client || | |+----------+| | | | | w |
|+--------+| | || PEP || | | | | o |
||SIP User|| | |+----------+| | | | | r |
||Agent || | +------------+ +-------------+ | | k |
|+--------+| | | | |
+----------+ +-------------------------------------+ +---+
Figure 1: Generic media authorization network model
图1:通用媒体授权网络模型
EH - End Host: The End Host is a device used by a subscriber to access network services. The End Host includes a client for requesting network services (e.g., through SIP) and a client for requesting network resources (e.g., through RSVP).
EH - End Host: The End Host is a device used by a subscriber to access network services. The End Host includes a client for requesting network services (e.g., through SIP) and a client for requesting network resources (e.g., through RSVP).translate error, please retry
ER - Edge Router: The Edge Router is a network element connecting the end host to the rest of the Resource Control Domain. The Edge Router contains a PEP to enforce policies related to resource usage in the Resource Control Domain by the End Host. It also contains a signalling agent (e.g., for RSVP) for handling resource reservation requests from the End Host.
ER-边缘路由器:边缘路由器是将终端主机连接到资源控制域其余部分的网元。边缘路由器包含一个PEP,用于强制执行与终端主机在资源控制域中的资源使用相关的策略。它还包含一个信令代理(例如,用于RSVP),用于处理来自终端主机的资源预留请求。
PDP - Policy Decision Point: The PDP is a logical entity located in the Policy Server that is responsible for authorizing or denying access to services and/or resources.
PDP-策略决策点:PDP是位于策略服务器中的逻辑实体,负责授权或拒绝访问服务和/或资源。
PEP - Policy Enforcement Point: The PEP is a logical entity that enforces policy decisions made by the PDP. Note that other PEPs may reside in other network elements not shown in the model of Figure 1, however they will not be discussed in this document.
政治公众人物-政策执行点:政治公众人物是一个逻辑实体,负责执行PDP做出的政策决策。注意,其他PEP可能驻留在图1的模型中未显示的其他网络元素中,但是本文档将不讨论它们。
PS - Policy Server: The Policy Server is a network element that includes a PDP. Note that there may be a PS in the Service Control Domain to control use of services and there may be a separate PS in the Resource Control Domain to control use of resources along the packet forwarding path. Note also that network topology may require multiple Policy Servers within either Domain, however they provide consistent policy decisions to offer the appearance of a single PDP in each Domain.
PS-策略服务器:策略服务器是包含PDP的网络元素。注意,在服务控制域中可能存在用于控制服务使用的PS,并且在资源控制域中可能存在用于控制沿分组转发路径的资源使用的单独PS。还请注意,网络拓扑可能需要在任一域中使用多个策略服务器,但是它们提供一致的策略决策,以在每个域中提供单个PDP的外观。
RCD - Resource Control Domain: The Resource Control Domain is a logical grouping of elements that provide connectivity along the packet forwarding paths to and from an End Host. The RCD contains ER and PS entities whose responsibilities include management of resources along the packet forwarding paths. Note that there may be one or more RCDs within an autonomous domain.
RCD-资源控制域:资源控制域是元素的逻辑分组,这些元素沿数据包转发路径与终端主机之间提供连接。RCD包含ER和PS实体,其职责包括沿分组转发路径管理资源。注意,自治域内可能有一个或多个RCD。
SCD - Service Control Domain: The Service Control Domain is a logical grouping of elements that offer applications and content to subscribers of their services. The Session Management Server resides in the SCD along with a PS. Note that there may be one or more SCDs within an autonomous domain.
SCD-服务控制域:服务控制域是向服务订户提供应用程序和内容的元素的逻辑分组。会话管理服务器与PS一起驻留在SCD中。请注意,自治域中可能有一个或多个SCD。
SMS - Session Management Server: The Session Management Server is a network element providing session management services (e.g., telephony call control). The Session Management Server contains a PEP to enforce policies related to use of services by the End Host. It also contains a signalling agent or proxy (e.g., for SIP) for handling service requests from the End Host.
SMS-会话管理服务器:会话管理服务器是提供会话管理服务(例如,电话呼叫控制)的网元。会话管理服务器包含一个PEP,用于强制执行与终端主机使用服务相关的策略。它还包含一个信令代理或代理(例如,用于SIP),用于处理来自终端主机的服务请求。
In some environments, a pre-established trust relationship exists between elements of the network (e.g., session management servers, edge routers, policy servers and end hosts). We refer to this as the "coupled model", indicating the tight relationship between entities that is presumed. The key aspects of this scenario are the following:
在某些环境中,网络元素(例如,会话管理服务器、边缘路由器、策略服务器和终端主机)之间存在预先建立的信任关系。我们将其称为“耦合模型”,表示假定的实体之间的紧密关系。此场景的关键方面如下所示:
- Policy decisions, including media authorization, are made by a single Policy Server.
- 策略决策(包括媒体授权)由单个策略服务器做出。
- The Edge Router, Session Management Servers and Policy Server involved in establishing the session are known a priori. For example, the End Host may be configured to use a Session Management Server associated with the Edge Router to which the EH is connected.
- 建立会话所涉及的边缘路由器、会话管理服务器和策略服务器是先验的。例如,终端主机可被配置为使用与EH所连接的边缘路由器相关联的会话管理服务器。
- There are pre-defined trust relationships between the SMS and the PS and between the ER and the PS.
- SMS和PS之间以及ER和PS之间存在预定义的信任关系。
+--------+
+------+ | |
| | 1 +--------------------+ 2 | |
| |-------->| Session Management |----->| |
| |<--------| Server |<-----| |
| | 4 +--------------------+ 3 | |
| End | | Policy |
| Host | | Server |
| | | |
| | 5 +--------------------+ 6 | |
| |-------->| Edge |----->| |
| |<--------| Router |<-----| |
| | 8 +--------------------+ 7 | |
+------+ | |
+--------+
+--------+
+------+ | |
| | 1 +--------------------+ 2 | |
| |-------->| Session Management |----->| |
| |<--------| Server |<-----| |
| | 4 +--------------------+ 3 | |
| End | | Policy |
| Host | | Server |
| | | |
| | 5 +--------------------+ 6 | |
| |-------->| Edge |----->| |
| |<--------| Router |<-----| |
| | 8 +--------------------+ 7 | |
+------+ | |
+--------+
Figure 2: The Coupled Model
图2:耦合模型
In this model, it is assumed that there is one Policy Server serving both the Service Control and Resource Control Domains and that there are pre-defined trust relationships between the PS and SMS and between the PS and ER. Communications between these entities are then possible as described below. Only the originating side flows are described for simplicity. The same concepts apply to the terminating side.
在该模型中,假设有一个策略服务器同时服务于服务控制域和资源控制域,并且PS和SMS之间以及PS和ER之间存在预定义的信任关系。这些实体之间的通信可以如下所述。为了简单起见,仅描述原始侧流。同样的概念也适用于端接端。
1. The End Host issues a session set-up request (e.g., SIP INVITE) to the Session Management Server indicating, among other things, the media streams to be used in the session. As part of this step, the End Host may authenticate itself to the Session Management Server.
1. 终端主机向会话管理服务器发出会话设置请求(例如,SIP INVITE),除其他外,指示要在会话中使用的媒体流。作为该步骤的一部分,终端主机可以向会话管理服务器进行自身身份验证。
2. The Session Management Server, possibly after waiting for negotiation of the media streams to be completed, sends a policy decision request (e.g., COPS REQ) to the Policy Server in order to determine if the session set-up request should be allowed to proceed.
2. 会话管理服务器可能在等待媒体流的协商完成之后,向策略服务器发送策略决策请求(例如,COPS REQ),以确定是否应允许会话设置请求继续。
3. The Policy Server sends a decision (e.g., COPS DEC) to the Session Management Server, possibly after modifying the parameters of the media to be used. Included in this response is a "token" that can subsequently be used by the Policy Server to identify the session and the media it has authorized.
3. 策略服务器可能在修改要使用的介质的参数后,向会话管理服务器发送决策(例如COPS DEC)。此响应中包含一个“令牌”,策略服务器随后可以使用该令牌来标识会话及其授权的媒体。
4. The Session Management Server sends a response to the End Host (e.g., SIP 200 or 183) indicating that session set-up is complete or is progressing. Included in this response is a description of the negotiated media along with the token from the Policy Server.
4. 会话管理服务器向终端主机(例如SIP 200或183)发送指示会话设置完成或正在进行的响应。此响应中包括协商媒体的描述以及来自策略服务器的令牌。
5. The End Host issues a request (e.g., RSVP PATH) to reserve the resources necessary to provide the required QoS for the media stream. Included in this request is the token from the Policy Server provided via the Session Management Server.
5. 终端主机发出请求(例如,RSVP路径)以保留为媒体流提供所需QoS所需的资源。此请求中包括通过会话管理服务器提供的来自策略服务器的令牌。
6. The Edge Router intercepts the reservation request and sends a policy decision request (e.g., COPS REQ) to the Policy Server in order to determine if the resource reservation request should be allowed to proceed. Included in this request is the token from the Policy Server provided by the End Host. The Policy Server uses this token to correlate the request for resources with the media authorization previously provided to the Session Management Server.
6. 边缘路由器截取保留请求,并向策略服务器发送策略决策请求(例如,COPS REQ),以确定是否应允许资源保留请求继续。此请求中包括来自最终主机提供的策略服务器的令牌。策略服务器使用此令牌将资源请求与先前提供给会话管理服务器的媒体授权关联起来。
7. The Policy Server sends a decision (e.g., COPS DEC) to the Edge Router, possibly after modifying the parameters of the resources to be reserved.
7. 策略服务器可能在修改要保留的资源的参数后,向边缘路由器发送决策(例如,COPS DEC)。
8. The Edge Router, possibly after waiting for end-to-end negotiation for resources to be completed, sends a response to the End Host (e.g., RSVP RESV) indicating that resource reservation is complete or is progressing.
8. 边缘路由器可能在等待完成资源的端到端协商之后,向终端主机(例如,RSVP RESV)发送响应,指示资源预留已完成或正在进行中。
In the Coupled Model, the Policy Server is the only network entity that needs to interpret the contents of the token. Therefore, in this model, the contents of the token are implementation dependent. Since the End Host is assumed to be untrusted, the Policy Server SHOULD take measures to ensure that the integrity of the token is preserved in transit; the exact mechanisms to be used are also implementation dependent.
在耦合模型中,策略服务器是唯一需要解释令牌内容的网络实体。因此,在这个模型中,令牌的内容依赖于实现。由于假定终端主机不受信任,策略服务器应采取措施确保令牌的完整性在传输过程中得以保持;要使用的确切机制也取决于实现。
The use of a media authorization token in the Coupled Model requires the addition of new fields to several protocols:
在耦合模型中使用媒体授权令牌需要在多个协议中添加新字段:
- Resource reservation protocol. A new protocol field or object MUST be added to the resource reservation protocol to transparently transport the token from the End Host to the Edge Router. The content and internal structure (if any) of this object SHOULD be opaque to the resource reservation protocol. For example, this is achieved in RSVP with the Policy Data object defined in [8].
- 资源预留协议。必须向资源保留协议添加新的协议字段或对象,以便将令牌从终端主机透明地传输到边缘路由器。此对象的内容和内部结构(如果有)对于资源保留协议应该是不透明的。例如,这是通过在[8]中定义的策略数据对象在RSVP中实现的。
- Policy management protocol. A new protocol field or object MUST be added to the policy management protocol to transparently transport the token from the Policy Server to the Session Management Server and from the Edge Router to the Policy Server. The content and internal structure (if any) of this object SHOULD be opaque to the policy management protocol. For example, this is achieved in COPS-RSVP with the Policy Data object defined in [8].
- 策略管理协议。必须将新的协议字段或对象添加到策略管理协议,以透明地将令牌从策略服务器传输到会话管理服务器,并从边缘路由器传输到策略服务器。此对象的内容和内部结构(如果有)对于策略管理协议来说应该是不透明的。例如,这是在COPS-RSVP中使用[8]中定义的策略数据对象实现的。
- Session management protocol. A new protocol field or object MUST be added to the session management protocol to transparently transport the media authorization token from the Session Management Server to the End Host. The content and internal structure (if any) of this object SHOULD be opaque to the session management protocol (e.g., SIP [6]).
- 会话管理协议。必须将新的协议字段或对象添加到会话管理协议中,才能将媒体授权令牌从会话管理服务器透明地传输到终端主机。该对象的内容和内部结构(如果有)对于会话管理协议(例如SIP[6])应该是不透明的。
In this scenario, there are multiple instances of the Session Management Servers, Edge Routers and Policy Servers. This leads to a network of sufficient complexity that it precludes distributing knowledge of network topology to all network entities. The key aspects of this scenario are the following:
在此场景中,存在会话管理服务器、边缘路由器和策略服务器的多个实例。这导致了一个足够复杂的网络,它排除了将网络拓扑知识分发给所有网络实体的可能性。此场景的关键方面如下所示:
- Policy decisions, including media authorization, are made by the same Policy Server for both the Session Management Server and the Edge Router. However, the Policy Server may change on a per-transaction basis, i.e., on a per policy request basis.
- 策略决策(包括媒体授权)由会话管理服务器和边缘路由器的同一策略服务器做出。然而,策略服务器可以基于每个事务进行更改,即基于每个策略请求进行更改。
- The Edge Router, Session Management Server and Policy Server involved in establishing the session are not known a priori. For example, the End Host may be dynamically configured to use one of a pool of Session Management Servers and each of the Session Management Servers may be statically configured to use one of a pool of Policy Servers.
- 建立会话所涉及的边缘路由器、会话管理服务器和策略服务器是未知的。例如,终端主机可以被动态配置为使用会话管理服务器池中的一个,并且每个会话管理服务器可以被静态配置为使用策略服务器池中的一个。
In another example, the End Host may be mobile and continually changing the Edge Router that its point of attachment uses to communicate with the rest of the network.
在另一个示例中,终端主机可以是移动的,并且不断地改变其连接点用于与网络其余部分通信的边缘路由器。
- There are pre-defined trust relationships between the SMS and the PS and between the ER and the PS.
- SMS和PS之间以及ER和PS之间存在预定义的信任关系。
+---------------------+ +---------+
| SMS 'n' |<-->| PS 'm' |
+---------------------+ +--------+ |
+------+ : : : | | |
| | 1 +--------------------+ 2 | | |
| |-------->| Session Management |----->| | |
| |<--------| Server 1 |<-----| | |
| | 4 +--------------------+ 3 | | |
| End | | Policy | |
| Host | +--------------------+ | Server | |
| | | ER 'n' | | 1 | |
| | 5 +-+------------------+ | | | |
| |-------->| Edge |-+ 6 | | |
| |<--------| Router |----->| | |
| | 8 +--------------------+ 7 | | |
+------+ <-----| |-+
+--------+
+---------------------+ +---------+
| SMS 'n' |<-->| PS 'm' |
+---------------------+ +--------+ |
+------+ : : : | | |
| | 1 +--------------------+ 2 | | |
| |-------->| Session Management |----->| | |
| |<--------| Server 1 |<-----| | |
| | 4 +--------------------+ 3 | | |
| End | | Policy | |
| Host | +--------------------+ | Server | |
| | | ER 'n' | | 1 | |
| | 5 +-+------------------+ | | | |
| |-------->| Edge |-+ 6 | | |
| |<--------| Router |----->| | |
| | 8 +--------------------+ 7 | | |
+------+ <-----| |-+
+--------+
Figure 3: The Associated Model using One Policy Server
图3:使用一个策略服务器的关联模型
In this model, it is assumed that a Policy Server can make decisions for both the Service Control and Resource Control Domains and that there are pre-defined trust relationships between the PS and SMS and between the PS and ER. Communications between these entities are then possible as described below. Only the originating side flows are described for simplicity. The same concepts apply to the terminating side.
在此模型中,假设策略服务器可以为服务控制域和资源控制域做出决策,并且PS和SMS之间以及PS和ER之间存在预定义的信任关系。这些实体之间的通信可以如下所述。为了简单起见,仅描述原始侧流。同样的概念也适用于端接端。
1. The End Host issues a session set-up request (e.g., SIP INVITE) to the Session Management Server indicating, among other things, the media streams to be used in the session. As part of this step, the End Host may authenticate itself to the Session Management Server.
1. 终端主机向会话管理服务器发出会话设置请求(例如,SIP INVITE),除其他外,指示要在会话中使用的媒体流。作为该步骤的一部分,终端主机可以向会话管理服务器进行自身身份验证。
2. The Session Management Server, possibly after waiting for negotiation of the media streams to be completed, sends a policy decision request (e.g., COPS REQ) to the Policy Server in order to determine if the session set-up request should be allowed to proceed.
2. 会话管理服务器可能在等待媒体流的协商完成之后,向策略服务器发送策略决策请求(例如,COPS REQ),以确定是否应允许会话设置请求继续。
3. The Policy Server sends a decision (e.g., COPS DEC) to the Session Management Server, possibly after modifying the parameters of the media to be used. Included in this response is a "token" that can subsequently be used by the Policy Server to identify the session and the media it has authorized.
3. 策略服务器可能在修改要使用的介质的参数后,向会话管理服务器发送决策(例如COPS DEC)。此响应中包含一个“令牌”,策略服务器随后可以使用该令牌来标识会话及其授权的媒体。
4. The Session Management Server sends a response to the End Host (e.g., SIP 200 or 183) indicating that session set-up is complete or is progressing. Included in this response is a description of the negotiated media along with the token from the Policy Server.
4. 会话管理服务器向终端主机(例如SIP 200或183)发送指示会话设置完成或正在进行的响应。此响应中包括协商媒体的描述以及来自策略服务器的令牌。
5. The End Host issues a request (e.g., RSVP PATH) to reserve the resources necessary to provide the required QoS for the media stream. Included in this request is the token from the Policy Server provided via the Session Management Server.
5. 终端主机发出请求(例如,RSVP路径)以保留为媒体流提供所需QoS所需的资源。此请求中包括通过会话管理服务器提供的来自策略服务器的令牌。
6. The Edge Router intercepts the reservation request and inspects the token to learn which Policy Server authorized the media. It then sends a policy decision request to that Policy Server in order to determine if the resource reservation request should be allowed to proceed. Included in this request is the token from the Policy Server provided by the End Host. The Policy Server uses this token to correlate the request for resources with the media authorization previously provided to the Session Management Server.
6. 边缘路由器拦截保留请求并检查令牌,以了解哪个策略服务器授权了媒体。然后,它向该策略服务器发送一个策略决策请求,以确定是否应允许资源保留请求继续。此请求中包括来自最终主机提供的策略服务器的令牌。策略服务器使用此令牌将资源请求与先前提供给会话管理服务器的媒体授权关联起来。
7. The Policy Server sends a decision to the Edge Router, possibly after modifying the parameters of the resources to be reserved.
7. 策略服务器可能在修改要保留的资源的参数后,向边缘路由器发送决策。
8. The Edge Router, possibly after waiting for end-to-end negotiation for resources to be completed, sends a response to the End Host (e.g., RSVP RESV) indicating that resource reservation is complete or is progressing.
8. 边缘路由器可能在等待完成资源的端到端协商之后,向终端主机(例如,RSVP RESV)发送响应,指示资源预留已完成或正在进行中。
Since the ER does not know which SMS and PS are involved in session establishment, the token MUST include:
由于ER不知道会话建立涉及哪些SMS和PS,因此令牌必须包括:
- A correlation identifier. This is information that the Policy Server can use to correlate the resource reservation request with the media authorized during session set up. The Policy Server is the only network entity that needs to interpret the contents of the correlation identifier therefore, in this model, the contents of the correlation identifier are implementation dependent. Since the End Host is assumed to be untrusted, the Policy Server SHOULD take measures to ensure that the integrity of the correlation identifier is preserved in transit; the exact mechanisms to be used are also implementation dependent.
- 相关标识符。这是策略服务器可用于将资源保留请求与会话设置期间授权的媒体关联的信息。策略服务器是唯一需要解释相关标识符内容的网络实体,因此,在此模型中,相关标识符的内容取决于实现。由于假定终端主机不受信任,策略服务器应采取措施确保在传输过程中保持相关标识符的完整性;要使用的确切机制也取决于实现。
- The identity of the authorizing entity. This information is used by the Edge Router to determine which Policy Server should be used to solicit resource policy decisions.
- 授权实体的标识。边缘路由器使用此信息来确定应使用哪个策略服务器来请求资源策略决策。
In some environments, an Edge Router may have no means for determining if the identity refers to a legitimate Policy Server within its domain. In order to protect against redirection of authorization requests to a bogus authorizing entity, the token SHOULD also include:
在某些环境中,边缘路由器可能无法确定标识是否指向其域中的合法策略服务器。为了防止授权请求重定向到虚假授权实体,令牌还应包括:
- Authentication data. This authentication data is calculated over all other fields of the token using an agreed mechanism. The mechanism used by the Edge Router is beyond the scope of this document.
- 身份验证数据。使用约定的机制,通过令牌的所有其他字段计算此身份验证数据。边缘路由器使用的机制超出了本文档的范围。
The detailed semantics of an authorization token are defined in [4].
授权令牌的详细语义在[4]中定义。
The use of a media authorization token in this version of the Associated Model requires the addition of new fields to several protocols:
在此版本的关联模型中使用媒体授权令牌需要在多个协议中添加新字段:
- Resource reservation protocol. A new protocol field or object MUST be added to the resource reservation protocol to transparently transport the token from the End Host to the Edge Router. The content and internal structure of this object MUST be specified so that the Edge Router can distinguish between the elements of the token described in Section 5.2. For example, this is achieved in RSVP with the Policy Data object defined in [8].
- 资源预留协议。必须向资源保留协议添加新的协议字段或对象,以便将令牌从终端主机透明地传输到边缘路由器。必须指定该对象的内容和内部结构,以便边缘路由器能够区分第5.2节中描述的令牌元素。例如,这是通过在[8]中定义的策略数据对象在RSVP中实现的。
- Policy management protocol. A new protocol field or object MUST be added to the policy management protocol to transparently transport the token -- or at least the correlation identifier -- from the Edge Router to the Policy Server. The content and internal structure of this object SHOULD be opaque to the policy management protocol. For example, this is achieved in COPS-RSVP with the Policy Data object defined in [8].
- 策略管理协议。必须将新的协议字段或对象添加到策略管理协议中,以透明地将令牌(或至少是相关标识符)从边缘路由器传输到策略服务器。此对象的内容和内部结构对于策略管理协议来说应该是不透明的。例如,这是在COPS-RSVP中使用[8]中定义的策略数据对象实现的。
- Session management protocol. A new protocol field or object MUST be added to the session management protocol to transparently transport the media authorization token from the Session Management Server to the End Host. The content and internal structure of this object SHOULD be opaque to the session management protocol (e.g., SIP [6]).
- 会话管理协议。必须将新的协议字段或对象添加到会话管理协议中,才能将媒体授权令牌从会话管理服务器透明地传输到终端主机。该对象的内容和内部结构对于会话管理协议(例如SIP[6])应该是不透明的。
The use of a media authorization token in this version of the Associated Model requires that the Edge Router inspect the token to learn which Policy Server authorized the media. In some environments, it may not be possible for the Edge Router to perform this function; in these cases, an Associated Model using Two Policy Servers (section 6) is required.
在此版本的关联模型中使用媒体授权令牌需要边缘路由器检查令牌,以了解哪个策略服务器授权了媒体。在某些环境中,边缘路由器可能无法执行此功能;在这些情况下,需要使用两个策略服务器(第6节)的关联模型。
This version of the Associated Model also requires that the Edge Router interact with multiple Policy Servers. Policy decisions are made by the same Policy Server for both the Session Management Server and the Edge Router, however the Policy Server may change on per-transaction basis. Note that the COPS framework does not currently allow PEPs to change PDP on a per-transaction basis. To use this model, a new framework must be defined for policy decision outsourcing. This model also implies that the Policy Servers are able to interact and/or make decisions for the Edge Router in a consistent manner (e.g., as though there is only a single RCD Policy Server). How this is accomplished is beyond the scope of this document.
此版本的关联模型还要求边缘路由器与多个策略服务器交互。对于会话管理服务器和边缘路由器,策略决策由相同的策略服务器做出,但是策略服务器可能会根据每个事务进行更改。请注意,COPS框架目前不允许政治公众人物在每笔交易的基础上更改PDP。要使用该模型,必须为决策外包定义一个新的框架。该模型还意味着策略服务器能够以一致的方式为边缘路由器交互和/或作出决策(例如,就好像只有一个RCD策略服务器)。如何实现这一点超出了本文件的范围。
In this scenario, there are multiple instances of the Session Management Servers, Edge Routers and Policy Servers. This leads to a network of sufficient complexity that it precludes distributing knowledge of network topology to all network entities. The key aspects of this scenario are the following:
在此场景中,存在会话管理服务器、边缘路由器和策略服务器的多个实例。这导致了一个足够复杂的网络,它排除了将网络拓扑知识分发给所有网络实体的可能性。此场景的关键方面如下所示:
- Policy decisions, including media authorization, are made by Policy Servers.
- 策略决策(包括媒体授权)由策略服务器做出。
- There is a PS in the Resource Control Domain that is separate from the PS in the Service Control Domain.
- 资源控制域中存在与服务控制域中的PS分离的PS。
- The Edge Router, Session Management Server and Policy Servers involved in establishing the session are not known a priori. For example, the End Host may be dynamically configured to use one of a pool of Session Management Servers or the End Host may be mobile and continually changing the Edge Router that it uses to communicate with the rest of the network.
- 建立会话所涉及的边缘路由器、会话管理服务器和策略服务器是未知的。例如,终端主机可以被动态配置为使用会话管理服务器池中的一个,或者终端主机可以是移动的,并且可以持续地改变其用于与网络其余部分通信的边缘路由器。
- There is a pre-defined trust relationship between the SMS and the SCD PS.
- SMS和SCD PS之间存在预定义的信任关系。
- There is a pre-defined trust relationship between the ER and the RCD PS.
- ER和RCD PS之间存在预定义的信任关系。
- There is a pre-defined trust relationship between the RCD and SCD Policy Servers.
- RCD和SCD策略服务器之间存在预定义的信任关系。
+--------------------+ +--------+
+------+ | SMS `n' | | |
| | 1 +-+------------------+ | | SCD |
| |-------->| Session Management |-+ 2 | Policy |
| |<--------| Server |----->| Server |
| | 4 +--------------------+<-----| |
| End | 3 +--------+
| | 7 ^ |
| Host | +--------------------+ | v 8
| | | ER 'n' | +--------+
| | 5 +-+------------------+ | | |
| |-------->| Edge |-+ 6 | RCD |
| |<--------| Router |----->| Policy |
| | 10 +--------------------+<--- -| Server |
+------+ 9 | |
+--------+
+--------------------+ +--------+
+------+ | SMS `n' | | |
| | 1 +-+------------------+ | | SCD |
| |-------->| Session Management |-+ 2 | Policy |
| |<--------| Server |----->| Server |
| | 4 +--------------------+<-----| |
| End | 3 +--------+
| | 7 ^ |
| Host | +--------------------+ | v 8
| | | ER 'n' | +--------+
| | 5 +-+------------------+ | | |
| |-------->| Edge |-+ 6 | RCD |
| |<--------| Router |----->| Policy |
| | 10 +--------------------+<--- -| Server |
+------+ 9 | |
+--------+
Figure 4: The Associated Model using Two Policy Servers
图4:使用两个策略服务器的关联模型
In this model, it is assumed that there is one Policy Server for the Service Control Domain and a different Policy Server for the Resource Control Domain. There are pre-defined trust relationships between the SCD PS and SMS, between the RCD PS and ER and between the RCD and SCD Policy Servers. Communications between these entities are then possible as described below. Only the originating side flows are described for simplicity. The same concepts apply to the terminating side.
在此模型中,假定服务控制域有一个策略服务器,资源控制域有一个不同的策略服务器。SCD PS和SMS之间、RCD PS和ER之间以及RCD和SCD策略服务器之间存在预定义的信任关系。这些实体之间的通信可以如下所述。为了简单起见,仅描述原始侧流。同样的概念也适用于端接端。
1. The End Host issues a session set-up request (e.g., SIP INVITE) to the Session Management Server indicating, among other things, the media streams to be used in the session. As part of this step, the End Host may authenticate itself to the Session Management Server.
1. 终端主机向会话管理服务器发出会话设置请求(例如,SIP INVITE),除其他外,指示要在会话中使用的媒体流。作为该步骤的一部分,终端主机可以向会话管理服务器进行自身身份验证。
2. The Session Management Server, possibly after waiting for negotiation of the media streams to be completed, sends a policy decision request (e.g., COPS REQ) to the SCD Policy Server in order to determine if the session set-up request should be allowed to proceed.
2. 会话管理服务器可能在等待媒体流的协商完成之后,向SCD策略服务器发送策略决策请求(例如,COPS REQ),以确定是否应允许会话设置请求继续。
3. The SCD Policy Server sends a decision (e.g., COPS DEC) to the Session Management Server, possibly after modifying the parameters of the media to be used. Included in this response is a "token" that can subsequently be used by the SCD Policy Server to identify the session and the media it has authorized.
3. SCD策略服务器可能在修改要使用的介质的参数后,向会话管理服务器发送决策(例如,COPS DEC)。此响应中包含一个“令牌”,SCD策略服务器随后可以使用该令牌来标识会话及其授权的媒体。
4. The Session Management Server sends a response to the End Host (e.g., SIP 200 or 183) indicating that session set-up is complete or is progressing. Included in this response is a description of the negotiated media along with the token from the SCD Policy Server.
4. 会话管理服务器向终端主机(例如SIP 200或183)发送指示会话设置完成或正在进行的响应。此响应中包括协商介质的描述以及来自SCD策略服务器的令牌。
5. The End Host issues a request (e.g., RSVP PATH) to reserve the resources necessary to provide the required QoS for the media stream. Included in this request is the token from the SCD Policy Server provided via the Session Management Server.
5. 终端主机发出请求(例如,RSVP路径)以保留为媒体流提供所需QoS所需的资源。此请求中包括通过会话管理服务器提供的来自SCD策略服务器的令牌。
6. The Edge Router intercepts the reservation request and sends a policy decision request (e.g., COPS REQ) to the RCD Policy Server in order to determine if the resource reservation request should be allowed to proceed. Included in this request is the token from the SCD Policy Server provided by the End Host.
6. 边缘路由器截取保留请求,并向RCD策略服务器发送策略决策请求(例如,COPS REQ),以确定是否应允许资源保留请求继续。此请求中包括来自最终主机提供的SCD策略服务器的令牌。
7. The RCD Policy Server uses this token to learn which SCD Policy Server authorized the media. It then sends an authorization request [11] to that SCD Policy Server in order to determine if the resource reservation request should be allowed to proceed. Included in this request is the token from the SCD Policy Server provided by the End Host.
7. RCD策略服务器使用此令牌了解哪个SCD策略服务器授权了媒体。然后,它向该SCD策略服务器发送授权请求[11],以确定是否应允许资源保留请求继续。此请求中包括来自最终主机提供的SCD策略服务器的令牌。
8. The SCD Policy Server uses this token to correlate the request for resources with the media authorization previously provided to the Session Management Server. The SCD Policy Server sends a decision [11] to the RCD Policy Server on whether the requested resources are within the bounds authorized by the SCD Policy Server.
8. SCD策略服务器使用此令牌将资源请求与先前提供给会话管理服务器的媒体授权关联起来。SCD策略服务器向RCD策略服务器发送关于请求的资源是否在SCD策略服务器授权的范围内的决定[11]。
9. The RCD Policy Server sends a decision (e.g., COPS DEC) to the Edge Router, possibly after modifying the parameters of the resources to be reserved.
9. RCD策略服务器可能在修改要保留的资源的参数后,向边缘路由器发送决策(例如,COPS DEC)。
10. The Edge Router, possibly after waiting for end-to-end negotiation for resources to be completed, sends a response to the End Host (e.g., RSVP RESV) indicating that resource reservation is complete or is progressing
10. 边缘路由器可能在等待完成资源的端到端协商之后,向终端主机(例如,RSVP RESV)发送响应,指示资源预留已完成或正在进行中
Since the RCD Policy Server does not know which SMS and SCD PS are involved in session establishment, the token MUST include:
由于RCD策略服务器不知道会话建立涉及哪些SMS和SCD P,因此令牌必须包括:
- A correlation identifier. This is information that the SCD Policy Server can use to correlate the resource reservation request with the media authorized during session set up. The SCD Policy Server is the only network entity that needs to interpret the contents of the correlation identifier therefore, in this model, the contents of the correlation identifier are implementation dependent. Since the End Host is assumed to be untrusted, the SCD Policy Server SHOULD take measures to ensure that the integrity of the correlation identifier is preserved in transit; the exact mechanisms to be used are also implementation dependent.
- 相关标识符。这是SCD策略服务器可用于将资源保留请求与会话设置期间授权的媒体关联的信息。SCD策略服务器是唯一需要解释相关标识符内容的网络实体,因此,在此模型中,相关标识符的内容取决于实现。由于假定终端主机不受信任,SCD策略服务器应采取措施确保在传输过程中保持相关标识符的完整性;要使用的确切机制也取决于实现。
- The identity of the authorizing entity. This information is used by the RCD Policy Server to determine which SCD Policy Server should be used to verify the contents of the resource reservation request.
- 授权实体的标识。RCD策略服务器使用此信息确定应使用哪个SCD策略服务器来验证资源保留请求的内容。
In some environments, an RCD Policy Server may have no means for determining if the identity refers to a legitimate SCD Policy Server. In order to protect against redirection of authorization requests to a bogus authorizing entity, the token SHOULD include:
在某些环境中,RCD策略服务器可能无法确定标识是否指向合法的SCD策略服务器。为了防止将授权请求重定向到虚假授权实体,令牌应包括:
- Authentication data. This authentication data is calculated over all other fields of the token using an agreed mechanism. The mechanism used by the RCD Policy Server is beyond the scope of this document.
- 身份验证数据。使用约定的机制,通过令牌的所有其他字段计算此身份验证数据。RCD策略服务器使用的机制超出了本文档的范围。
Note that the information in this token is the same as that in Section 5.2 for the "One Policy Server" scenario.
请注意,此令牌中的信息与第5.2节中“一个策略服务器”场景中的信息相同。
The detailed semantics of an authorization token are defined in [4].
授权令牌的详细语义在[4]中定义。
The use of a media authorization token in this version of the Associated Model requires the addition of new fields to several protocols:
在此版本的关联模型中使用媒体授权令牌需要在多个协议中添加新字段:
- Resource reservation protocol. A new protocol field or object MUST be added to the resource reservation protocol to transparently transport the token from the End Host to the Edge Router. The content and internal structure of this object SHOULD be opaque to the resource reservation protocol. For example, this is achieved in RSVP with the Policy Data object defined in [8].
- 资源预留协议。必须向资源保留协议添加新的协议字段或对象,以便将令牌从终端主机透明地传输到边缘路由器。此对象的内容和内部结构对于资源保留协议应该是不透明的。例如,这是通过在[8]中定义的策略数据对象在RSVP中实现的。
- Policy management protocol. A new protocol field or object MUST be added to the policy management protocol to transport the token from the SCD Policy Server to the Session Management Server and from the Edge Router to the RCD Policy Server. The content and internal structure of this object MUST be specified so that the Policy Servers can distinguish between the elements of the token described in Section 6.2. For example, this is achieved in COPS-RSVP with the Policy Data object defined in [8].
- 策略管理协议。必须将新的协议字段或对象添加到策略管理协议中,以将令牌从SCD策略服务器传输到会话管理服务器,并从边缘路由器传输到RCD策略服务器。必须指定此对象的内容和内部结构,以便策略服务器能够区分第6.2节中描述的令牌元素。例如,这是在COPS-RSVP中使用[8]中定义的策略数据对象实现的。
- Session management protocol. A new protocol field or object MUST be added to the session management protocol to transparently transport the media authorization token from the Session Management Server to the End Host. The content and internal structure of this object SHOULD be opaque to the session management protocol (e.g., SIP [6]).
- 会话管理协议。必须将新的协议字段或对象添加到会话管理协议中,才能将媒体授权令牌从会话管理服务器透明地传输到终端主机。该对象的内容和内部结构对于会话管理协议(例如SIP[6])应该是不透明的。
Note that these impacts are the same as those discussed in Section 5.3 for the "One Policy Server" scenario. However the use of two Policy Servers has one additional impact:
请注意,这些影响与第5.3节中针对“一个策略服务器”场景讨论的影响相同。但是,使用两个策略服务器还有一个影响:
- Authorization protocol. A new protocol field or object MUST be added to the authorization protocol to transport the token from the RCD Policy Server to the SCD Policy Server. The content and internal structure of this object MUST be specified so that the Policy Servers can distinguish between the elements of the token described in Section 6.2.
- 授权协议。必须在授权协议中添加新的协议字段或对象,以便将令牌从RCD策略服务器传输到SCD策略服务器。必须指定此对象的内容和内部结构,以便策略服务器能够区分第6.2节中描述的令牌元素。
In this scenario, the Session Management Servers and Edge Routers are associated with different Policy Servers, the network entities do not have a priori knowledge of the topology of the network and there are no pre-established trust relationships between entities in the Resource Control Domain and entities in the Service Control Domain. The key aspects of this scenario are the following:
在此场景中,会话管理服务器和边缘路由器与不同的策略服务器相关联,网络实体不具有网络拓扑的先验知识,并且在资源控制域中的实体和服务控制域中的实体之间不存在预先建立的信任关系。此场景的关键方面如下所示:
- Policy decisions, including media authorization, are made by Policy Servers.
- 策略决策(包括媒体授权)由策略服务器做出。
- The PS in the Resource Control Domain is separate from the PS in the Service Control Domain.
- 资源控制域中的PS与服务控制域中的PS分开。
- There is a pre-defined trust relationship between the SMS and the SCD PS.
- SMS和SCD PS之间存在预定义的信任关系。
- There is a pre-defined trust relationship between the ER and the RCD PS.
- ER和RCD PS之间存在预定义的信任关系。
- There are no pre-defined trust relationships between the ER and SMS or between the RCD and SCD Policy Servers.
- ER和SMS之间或RCD和SCD策略服务器之间没有预定义的信任关系。
+--------+
+------+ | |
| | 1 +--------------------+ 2 | SCD |
| |-------->| Session Management |----->| Policy |
| |<--------| Server |<-----| Server |
| | 4 +--------------------+ 3 | |
| End | +--------+
| Host |
| | +--------+
| | 5 +--------------------+ 6 | |
| |-------->| Edge |----->| RCD |
| |<--------| Router |<-----| Policy |
| | 8 +--------------------+ 7 | Server |
+------+ | |
+--------+
+--------+
+------+ | |
| | 1 +--------------------+ 2 | SCD |
| |-------->| Session Management |----->| Policy |
| |<--------| Server |<-----| Server |
| | 4 +--------------------+ 3 | |
| End | +--------+
| Host |
| | +--------+
| | 5 +--------------------+ 6 | |
| |-------->| Edge |----->| RCD |
| |<--------| Router |<-----| Policy |
| | 8 +--------------------+ 7 | Server |
+------+ | |
+--------+
Figure 5: The Non-Associated Model
图5:非关联模型
In this model it is assumed that the policy servers make independent decisions for their respective domains, obviating the need for information exchange between policy servers. This model also enables session authorization when communication between policy servers is not possible for various reasons. It may also be used as a means to speed up session setup and still ensure proper authorization is performed.
在该模型中,假设策略服务器为各自的域做出独立决策,从而避免了策略服务器之间的信息交换需求。当由于各种原因无法在策略服务器之间进行通信时,此模型还支持会话授权。它还可用作加速会话设置并确保执行正确授权的手段。
This model does not preclude the possibility that the policy servers may communicate at other times for other purposes (e.g., exchange of accounting information).
此模型不排除策略服务器在其他时间出于其他目的(例如,交换会计信息)进行通信的可能性。
Communications between network entities in this model is described below. Only the originating side flows are described for simplicity. The same concepts apply to the terminating side.
该模型中网络实体之间的通信如下所述。为了简单起见,仅描述原始侧流。同样的概念也适用于端接端。
1. The End Host issues a session set-up request (e.g., SIP INVITE) to the Session Management Server indicating, among other things, the media streams to be used in the session. As part of this step, the End Host may authenticate itself to the Session Management Server.
1. 终端主机向会话管理服务器发出会话设置请求(例如,SIP INVITE),除其他外,指示要在会话中使用的媒体流。作为该步骤的一部分,终端主机可以向会话管理服务器进行自身身份验证。
2. The Session Management Server, possibly after waiting for negotiation of the media streams to be completed, sends a policy decision request (e.g., COPS REQ) to the SCD Policy Server in order to determine if the session set-up request should be allowed to proceed.
2. 会话管理服务器可能在等待媒体流的协商完成之后,向SCD策略服务器发送策略决策请求(例如,COPS REQ),以确定是否应允许会话设置请求继续。
3. The SCD Policy Server sends a decision (e.g., COPS DEC) to the Session Management Server, possibly after modifying the parameters of the media to be used. Included in this response is a "token" that can subsequently be used by the RCD Policy Server to determine what media has been authorized.
3. SCD策略服务器可能在修改要使用的介质的参数后,向会话管理服务器发送决策(例如,COPS DEC)。此响应中包含一个“令牌”,RCD策略服务器随后可以使用该令牌来确定授权的媒体。
4. The Session Management Server sends a response to the End Host (e.g., SIP 200 or 183) indicating that session set-up is complete or is progressing. Included in this response is a description of the negotiated media along with the token from the SCD Policy Server.
4. 会话管理服务器向终端主机(例如SIP 200或183)发送指示会话设置完成或正在进行的响应。此响应中包括协商介质的描述以及来自SCD策略服务器的令牌。
5. The End Host issues a request (e.g., RSVP PATH) to reserve the resources necessary to provide the required QoS for the media stream. Included in this request is the token from the SCD Policy Server provided via the Session Management Server.
5. 终端主机发出请求(例如,RSVP路径)以保留为媒体流提供所需QoS所需的资源。此请求中包括通过会话管理服务器提供的来自SCD策略服务器的令牌。
6. The Edge Router intercepts the reservation request and sends a policy decision request (e.g., COPS REQ) to the RCD Policy Server in order to determine if the resource reservation request should be allowed to proceed. Included in this request is the token from the SCD Policy Server provided by the End Host.
6. 边缘路由器截取保留请求,并向RCD策略服务器发送策略决策请求(例如,COPS REQ),以确定是否应允许资源保留请求继续。此请求中包括来自最终主机提供的SCD策略服务器的令牌。
7. The RCD Policy Server uses this token to extract information about the media that was authorized by the SCD Policy Server. The RCD Policy Server uses this information in making its decision on whether the resource reservation should be allowed to proceed.
7. RCD策略服务器使用此令牌提取有关SCD策略服务器授权的媒体的信息。RCD策略服务器在决定是否允许继续进行资源保留时使用此信息。
The Policy Server sends a decision (e.g., COPS DEC) to the Edge Router, possibly after modifying the parameters of the resources to be reserved.
策略服务器可能在修改要保留的资源的参数后,向边缘路由器发送决策(例如,COPS DEC)。
8. The Edge Router, possibly after waiting for end-to-end negotiation for resources to be completed, sends a response to the End Host (e.g., RSVP RESV) indicating that resource reservation is complete or is progressing
8. 边缘路由器可能在等待完成资源的端到端协商之后,向终端主机(例如,RSVP RESV)发送响应,指示资源预留已完成或正在进行中
In this model, the token MUST contain sufficient information to allow the RCD Policy Server to make resource policy decisions autonomously from the SCD Policy Server. The token is created using information about the session received by the SMS. The information in the token MUST include:
在此模型中,令牌必须包含足够的信息,以允许RCD策略服务器从SCD策略服务器自主地做出资源策略决策。令牌是使用SMS接收的会话信息创建的。令牌中的信息必须包括:
- Calling party name or IP address (e.g., from SDP "c=" parameter).
- 主叫方名称或IP地址(例如,来自SDP“c=”参数)。
- Called party name or IP address (e.g., from SDP "c=" parameter).
- 被叫方名称或IP地址(例如,来自SDP“c=”参数)。
- The characteristics of (each of) the media stream(s) authorized for this session (e.g., codecs, maximum bandwidth from SDP "m=" and/or "b=" parameters).
- 为此会话授权的(每个)媒体流的特征(例如,编解码器、来自SDP“m=”和/或“b=”参数的最大带宽)。
- The authorization lifetime. To protect against replay attacks, the token should be valid for only a few seconds after the start time of the session.
- 授权生命周期。为了防止重播攻击,令牌应在会话开始后的几秒钟内有效。
- The identity of the authorizing entity to allow for validation of the token.
- 允许验证令牌的授权实体的标识。
- Authentication data used to prevent tampering with the token. This authentication data is calculated over all other fields of the token using an agreed mechanism. The mechanism used by the RCD Policy Server is beyond the scope of this document.
- 用于防止篡改令牌的身份验证数据。使用约定的机制,通过令牌的所有其他字段计算此身份验证数据。RCD策略服务器使用的机制超出了本文档的范围。
Furthermore, the token MAY include:
此外,令牌可以包括:
- The lifetime of (each of) the media stream(s) (e.g., from SDP "t=" parameter). This field may be useful in pre-paid scenarios in order to limit the lifetime of the session.
- (每个)媒体流的生存期(例如,来自SDP“t=”参数)。此字段在预付费场景中可能有用,以限制会话的生存期。
- The Calling and called party port numbers (e.g., from the "m=" parameter).
- 主叫方和被叫方端口号(例如,来自“m=”参数)。
The detailed semantics of an authorization token are defined in [4].
授权令牌的详细语义在[4]中定义。
The use of a media authorization token in the Non-Associated Model requires the addition of new fields to several protocols:
在非关联模型中使用媒体授权令牌需要在多个协议中添加新字段:
- Resource reservation protocol. A new protocol field or object MUST be added to the resource reservation protocol to transparently transport the token from the End Host to the Edge Router. The content and internal structure of this object SHOULD be opaque to the resource reservation protocol. For example, this is achieved in RSVP with the Policy Data object defined in [8].
- 资源预留协议。必须向资源保留协议添加新的协议字段或对象,以便将令牌从终端主机透明地传输到边缘路由器。此对象的内容和内部结构对于资源保留协议应该是不透明的。例如,这是通过在[8]中定义的策略数据对象在RSVP中实现的。
- Policy management protocol. A new protocol field or object MUST be added to the policy management protocol to transport the token from the SCD Policy Server to the Session Management Server and from the Edge Router to the RCD Policy Server. The content and internal structure of this object MUST be specified so that the Policy Servers can distinguish between the elements of the token described in Section 7.2. For example, this is achieved in COPS-RSVP with the Policy Data object defined in [8].
- 策略管理协议。必须将新的协议字段或对象添加到策略管理协议中,以将令牌从SCD策略服务器传输到会话管理服务器,并从边缘路由器传输到RCD策略服务器。必须指定此对象的内容和内部结构,以便策略服务器能够区分第7.2节中描述的令牌元素。例如,这是在COPS-RSVP中使用[8]中定义的策略数据对象实现的。
- Session management protocol. A new protocol field or object MUST be added to the session management protocol to transparently transport the media authorization token from the Session Management Server to the End Host. The content and internal structure of this object SHOULD be opaque to the session management protocol (e.g., SIP [6]).
- 会话管理协议。必须将新的协议字段或对象添加到会话管理协议中,才能将媒体授权令牌从会话管理服务器透明地传输到终端主机。该对象的内容和内部结构对于会话管理协议(例如SIP[6])应该是不透明的。
This document defines three models for session set-up with media authorization:
本文档定义了媒体授权会话设置的三种模型:
- The Coupled Model which assumes a priori knowledge of network topology and where pre-established trust relationships exist between network entities.
- 一种耦合模型,它假定网络拓扑的先验知识,并且网络实体之间存在预先建立的信任关系。
- The Associated Model where there are common or trusted policy servers but knowledge of the network topology is not known a priori.
- 存在公共或受信任策略服务器但网络拓扑知识未知的关联模型。
- The Non-Associated Model where knowledge of the network topology is not known a priori, where there are different policy servers involved and where a trust relationship does not exist between the policy servers.
- 非关联模型,其中网络拓扑知识未知,涉及不同的策略服务器,并且策略服务器之间不存在信任关系。
The Associated Model is applicable to environments where the network elements involved in establishing a session have a pre-determined trust relationship but where their identities must be determined dynamically during session set up. The Non-Associated Model is applicable to environments where there is a complex network topology and/or where trust relationships between domains do not exist (e.g., when they are different business entities).
关联模型适用于建立会话所涉及的网络元素具有预先确定的信任关系,但必须在会话设置期间动态确定其身份的环境。非关联模型适用于存在复杂网络拓扑和/或域之间不存在信任关系的环境(例如,当它们是不同的业务实体时)。
In any given network, one or more of these models may be applicable. Indeed, the model to be used may be chosen dynamically during session establishment based on knowledge of the end points involved in the call. In all cases, however, there is no need for the End Host or the Session Management Server to understand or interpret the authorization token - to them it is an opaque protocol element that is simply copied from one container protocol to another.
在任何给定的网络中,这些模型中的一个或多个可能适用。实际上,在会话建立期间,可以基于呼叫中涉及的端点的知识动态地选择要使用的模型。然而,在所有情况下,终端主机或会话管理服务器都不需要理解或解释授权令牌——对他们来说,授权令牌是一个不透明的协议元素,只是从一个容器协议复制到另一个容器协议。
Finally, the framework defined in this document is extensible to any kind of session management protocol coupled to any one of a number of resource reservation and/or policy management protocols.
最后,本文中定义的框架可扩展到任何类型的会话管理协议,该协议耦合到多个资源保留和/或策略管理协议中的任何一个。
The purpose of this document is to describe a mechanism for media authorization to prevent theft of service.
本文档旨在描述一种媒体授权机制,以防止服务被盗。
For the authorization token to be effective, its integrity MUST be guaranteed as it passes through untrusted network entities such as the End Host. This can be achieved by using authentication data. There is no requirement for encryption of the token since it does not contain confidential information that may be used by malicious users.
为了使授权令牌有效,必须保证其在通过不受信任的网络实体(如终端主机)时的完整性。这可以通过使用身份验证数据来实现。不需要对令牌进行加密,因为它不包含恶意用户可能使用的机密信息。
This document assumes that trust relationships exist between various network entities, as described in each of the models. The means for establishing these relationships are beyond the scope of this document.
本文档假设各种网络实体之间存在信任关系,如每个模型中所述。建立这些关系的方法超出了本文件的范围。
The different interfaces between the network entities described in this document have different natures requiring different security characteristics:
本文件中描述的网络实体之间的不同接口具有不同的性质,需要不同的安全特性:
- The edge router and RCD policy server MUST have a trust relationship. If necessary, this relationship can be enforced through a formal security association [14].
- 边缘路由器和RCD策略服务器必须具有信任关系。如有必要,这种关系可以通过正式的安全关联来实施[14]。
- The network policies exchanged over the interface between edge router and RCD policy server SHOULD be integrity protected. This can be accomplished using integrity mechanisms built into the policy control protocol (e.g., the Integrity object in COPS [2]) or through generic IP security mechanisms [14].
- 边缘路由器和RCD策略服务器之间通过接口交换的网络策略应受到完整性保护。这可以通过使用内置于策略控制协议中的完整性机制(例如,COPS[2]中的完整性对象)或通过通用IP安全机制来实现[14]。
- The SCD and RCD policy servers MUST have a trust relationship in the associated model. If necessary, this relationship can be enforced through a formal security association [14].
- SCD和RCD策略服务器在关联模型中必须具有信任关系。如有必要,这种关系可以通过正式的安全关联来实施[14]。
- The information exchanged over the interface between policy servers SHOULD be integrity protected. This can be accomplished using integrity mechanisms built into the policy exchange protocol [2] or through generic IP security mechanisms [14].
- 策略服务器之间通过接口交换的信息应受到完整性保护。这可以使用内置于策略交换协议[2]中的完整性机制或通过通用IP安全机制[14]实现。
- The end host SHOULD be authenticated by the RCD to protect against identity theft. The network resource request/responses should be protected against corruption and spoofing. Thus, the interface between host and edge router SHOULD provide integrity and authentication of messages. For example, [13] provides integrity and authentication of RSVP messages.
- 终端主机应由RCD进行身份验证,以防止身份被盗。应保护网络资源请求/响应免受损坏和欺骗。因此,主机和边缘路由器之间的接口应提供消息的完整性和身份验证。例如,[13]提供RSVP消息的完整性和身份验证。
- The end host SHOULD be authenticated by the SCD to protect against identity theft. The session setup request/response should be protected against corruption and spoofing. Thus, the interface between host and SMS SHOULD provide integrity and authentication of messages.
- 终端主机应由SCD进行身份验证,以防止身份被盗。应保护会话设置请求/响应不受损坏和欺骗。因此,主机和SMS之间的接口应提供消息的完整性和身份验证。
- The SMS and the SCD policy server MUST have a a trust relationship. If necessary, this relationship can be enforced through a formal security association [14].
- SMS和SCD策略服务器必须具有信任关系。如有必要,这种关系可以通过正式的安全关联来实施[14]。
- The network policies exchanged over the interface between the SMS and SCD policy server SHOULD be integrity protected. This can be accomplished using integrity mechanisms built into the policy control protocol (e.g., the Integrity object in COPS [2]) or through generic IP security mechanisms [14].
- SMS和SCD策略服务器之间通过接口交换的网络策略应受到完整性保护。这可以通过使用内置于策略控制协议中的完整性机制(例如,COPS[2]中的完整性对象)或通过通用IP安全机制来实现[14]。
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[1] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[2] Durham, D., Boyle, J., Cohen, R., Herzog, S., Rajan, R. and A. Sastry, "The COPS (Common Open Policy Service) Protocol", RFC 2748, January 2000.
[2] 达勒姆,D.,博伊尔,J.,科恩,R.,赫尔佐格,S.,拉詹,R.和A.萨斯特里,“共同开放政策服务协议”,RFC 2748,2000年1月。
[3] Herzog, S., Boyle, J., Cohen, R., Durham, D., Rajan, R. and A. Sastry, "COPS usage for RSVP", RFC 2749, January 2000.
[3] Herzog,S.,Boyle,J.,Cohen,R.,Durham,D.,Rajan,R.和A.Sastry,“警察对RSVP的使用”,RFC 2749,2000年1月。
[4] Hamer, L-N., Gage, B., Kosinski, B. and H. Shieh, "Session Authorization Policy Element", RFC 3520, April 2003.
[4] Hamer,L-N.,Gage,B.,Kosinski,B.和H.Shieh,“会话授权策略元素”,RFC 3520,2003年4月。
[5] Handley, M. and V. Jacobson, "SDP: session description protocol," RFC 2327, April 1998.
[5] Handley,M.和V.Jacobson,“SDP:会话描述协议”,RFC 2327,1998年4月。
[6] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
[6] Rosenberg,J.,Schulzrinne,H.,Camarillo,G.,Johnston,A.,Peterson,J.,Sparks,R.,Handley,M.和E.Schooler,“SIP:会话启动协议”,RFC 3261,2002年6月。
[7] Braden, R., Zhang, L., Berson, S., Herzog, S. and S. Jamin, "Resource ReSerVation protocol (RSVP) -- version 1 functional specification," RFC 2205, September 1997.
[7] Braden,R.,Zhang,L.,Berson,S.,Herzog,S.和S.Jamin,“资源预留协议(RSVP)——版本1功能规范”,RFC 22052997年9月。
[8] Herzog, S., "RSVP Extensions for Policy Control", RFC 2750, January 2000.
[8] Herzog,S.,“政策控制的RSVP扩展”,RFC 2750,2000年1月。
[9] Chan, K., Seligson, J., Durham, D., Gai, S., McCloghrie, K., Herzog, S., Reichmeyer, F., Yavatkar, R. and A. Smith, "COPS Usage for Policy Provisioning (COPS-PR)", RFC 3084, March 2001.
[9] Chan,K.,Seligson,J.,Durham,D.,Gai,S.,McCloghrie,K.,Herzog,S.,Reichmeyer,F.,Yavatkar,R.和A.Smith,“政策制定的COPS使用(COPS-PR)”,RFC 3084,2001年3月。
[10] Vollbrecht, J., Calhoun, P., Farrell, S., Gommans, L., Gross, G., de Bruijn, B., de Laat, C., Holdrege, M. and P. Spence, "AAA Authorization Framework", RFC 2904, August 2000.
[10] Vollbrecht,J.,Calhoun,P.,Farrell,S.,Gommans,L.,Gross,G.,de Bruijn,B.,de Laat,C.,Holdrege,M.和P.Spence,“AAA授权框架”,RFC 29042000年8月。
[11] de Laat, C., Gross, G., Gommans, L., Vollbrecht, J. and D. Spence, "Generic AAA Architecture", RFC 2903, August 2000.
[11] de Laat,C.,Gross,G.,Gommans,L.,Vollbrecht,J.和D.Spence,“通用AAA架构”,RFC 2903,2000年8月。
[12] "PacketCable Dynamic Quality of Service Specification", CableLabs, December 1999.
[12] “PacketCable动态服务质量规范”,CableLabs,1999年12月。
[13] Baker, F., Lindell, B. and M. Talwar, "RSVP Cryptographic Authentication", RFC 2747, January 2000.
[13] Baker,F.,Lindell,B.和M.Talwar,“RSVP加密认证”,RFC 2747,2000年1月。
[14] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.
[14] Kent,S.和R.Atkinson,“互联网协议的安全架构”,RFC 2401,1998年11月。
The authors would like to thank to following people for their useful comments and suggestions related to this document: Kwok Ho Chan, Doug Reeves, Sam Christie, Matt Broda, Yajun Liu, Brett Kosinski, Francois Audet, Bill Marshall, Diana Rawlins and many others.
作者感谢以下人士对本文件提出的有用意见和建议:郭浩灿、道格·里维斯、山姆·克里斯蒂、马特·布罗达、刘亚军、布雷特·科辛斯基、弗朗索瓦·奥德特、比尔·马歇尔、戴安娜·罗林斯和其他许多人。
Louis-Nicolas Hamer Nortel Networks PO Box 3511 Station C Ottawa, ON CANADA K1Y 4H7
Louis Nicolas Hamer Nortel Networks邮政信箱3511加拿大渥太华C站K1Y 4H7
Phone: +1 613.768.3409
EMail: nhamer@nortelnetworks.com
Phone: +1 613.768.3409
EMail: nhamer@nortelnetworks.com
Bill Gage Nortel Networks PO Box 3511 Station C Ottawa, ON CANADA K1Y 4H7
Bill Gage Nortel Networks邮政信箱3511加拿大渥太华C站K1Y 4H7
Phone: +1 613.763.4400
EMail: gageb@nortelnetworks.com
Phone: +1 613.763.4400
EMail: gageb@nortelnetworks.com
Hugh Shieh AT&T Wireless 7277 164th Avenue NE Redmond, WA USA 98073-9761
休谢AT&T无线7277美国西澳州雷德蒙东北大街164号,邮编:98073-9761
Phone: +1 425.580.6898
EMail: hugh.shieh@attws.com
Phone: +1 425.580.6898
EMail: hugh.shieh@attws.com
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。