[H.323 Mobility:] questions on MTD-016

Kumar, Vineet vineet.kumar at INTEL.COM
Fri Apr 14 11:50:55 EDT 2000


Steve,

I that case I look forward to a contribution or more discussion on this
reflector regarding problems with the model in which services are executed
only in the visited administrative domain.

vineet
-----Original Message-----
From: Stephen Terrill [mailto:stephen.terrill at ERICSSON.COM]
Sent: Friday, April 14, 2000 4:50 AM
To: ITU-SG16 at mailbag.cps.intel.com
Subject: Re: [H.323 Mobility:] questions on MTD-016


Hi Vineet,

I see in your asumptions you have assumed that the services are only
executed in the visited network.  I don´t yet agree with that assumptions
(that was behind the comments from Nokia towards me as well).  You would be
aware that we have had significant experience with the model you have
presented and would like to see improvements on this model in terms of
applying services.  The model of "dual service execution" that you proposes
has standardisation and deployment issues that we would rather migrate away
from.

Regards,

..//steve

"Kumar, Vineet" wrote:

> Steve,
>
> Thanks for your reply. My comments are embedded in the email below.
>
> vineet
>
> -----Original Message-----
> From: Stephen Terrill [mailto:stephen.terrill at ERICSSON.COM]
> Sent: Thursday, April 13, 2000 4:42 AM
> To: ITU-SG16 at MAILBAG.INTEL.COM
> Subject: Re: [H.323 Mobility:] questions on MTD-016
>
> Hi,
>
> I shall try to answer some of these questions below.
>
> Regards,
>
> ..//steve
>
> "Kumar, Vineet" wrote:
>
> > Stephen,
> >
> > I have a couple of questions on your contribution MTD-016. These are:
> >
> > 1. H.323 already has mechanisms for discovering the gatekeeper. Are you
> suggesting in your contribution that the terminal should discover the VLF
> instead of the visiting gatekeeper ? Or, are you assuming that the VLF is
> integrated in the visiting gatekeeper ?
>
> This can be discussed - I was of the opionion that we should discover the
> VLF and send the registration to the home environment after that.
However,
> we haven´t agreed on the role of the VLF, and visited gatekeeper, home
> gatekeerp and HLF - when we come to agree on what these are, my proposal
may
> change.
>
> <vineet:begin> Yes, this could be discussed in the conference call. My
> suggestion is to reinvent as less as possible. Since we are adding
Mobility
> to H.323, we should just fill in the gaps that are missing.
> <vineet:end>
> >
> >
> > 2. In H.323, authentication of the terminal and the gatekeeper is done
at
> the time of discovery. In fact, in H.323 all messages between the terminal
> and the gatekeeper can be authenticated and the message integrity
preserved.
> In your contribution, authentication is done at the time of registration.
> Why is this preferable to what is already in H.323 ?
>
> I would be interested to understand which gatekeeper you were considering
> should do the authentication.  I would assume that the real authentication
> would have to be done at home - as such it would be necessary to find the
> visited network services, and then register/authenticate at home.
>
> <vineet:begin> I agree with your model but my preference is to preserve
the
> way H.323 works today in that the authentication of both the user (not
> terminal) and the gatekeeper (doesn't matter whether the gk is visisted or
> home) can be done at the time of discovery. The protocol between the
> terminal and the gk does not change regardless of whether it is the home
gk
> or the visited gk. The terminal sends its hashed password or certificate
in
> the cryptotoken field of the GRQ message. The visisted gk tunnels the
entire
> message to the terminal's Home Administrative Domain for authentication
and
> authorization. There may be an Authentication Function in the Home
> Administrative Domain that authenticates its users. If the user is
> successfully authenticated by the Home Administrative Domain then a new
> temporary password is assigned by the Home Administrative Domain to the
> terminal and the visited gk in GCF for use during that session. This
> exchange is explained in detail in the contribution I made for the last
> conference call. I can't find the MD #. Does anyone know the MD # ?
> <vineet:end>
> >
> >
> > 3. What is the reason for the information flow from the HLF to the home
> gatekeeper, and from the home gatekeeperr to the HLF ? I don't think we
can
> assume that there is only one home gatekeeper that the terminal may be
> using. In fact, the home gatekeeper may not have any information about the
> user.
>
> I certainly don´t assume that there is only one home gatekeeper.  I assume
> that there will be a number of home gatekeepers, but perhaps only one (or
> few) HLFs.  In this case, we need an function to select the gatekeeper
that
> the user is going to camp on - and this may depend on load, subscriber
> profile, policy - or a lot of things.
>
> <vineet:begin> I guess I will have to understand the model that you have
in
> mind regarding the use of a home gk on which the terminal camps on. In my
> model the HLF will send all pertinent information about its user to the
VLF.
> The home gk is not needed.
> <vineet:end>
> >
> >
> > Regards,
> > vineet



More information about the sg16-avd mailing list