Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis

To: Martin Thomson <[email protected]>

Subject: Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis

From: David Bird <[email protected]>

Date: Thu, 25 Jul 2019 05:56:24 -0700

Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/6nLbZZtlu0bY3kmuc72GhJgJVaQ>

Authentication-results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com

Cc: [email protected]

Delivered-to: [email protected]

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8qrJnKBmuT/+yj4RyNOm8+Hw4tXJ5cTdr2xHxueG+c4=; b=abtuv7aXcL0LG2j+8ZACtt5NuY1MaDQcDjInHku88n5MCjIuophxciglmLGA3g7ef6 zTjSk7qzAblKMAo+pi86CNv1XWtwW3yXn1hAILNwejFpBChGNJhabF5L9KKl2OmVsQUQ L91GoSstNTqJscJTWMN5Hk1A5MxBtrhiTjl4ciMJdPGsUeFcfMRsk82n3qqjodA+V373 oeeGziIpIx6qWp4N7QVm6NoeOFvNDogUmtrnC8KMWtMph0kqgxOFiZ9ewWgw4CXfntG0 NlKRplK79m2DtRaidhuBtKxWe+XLWbVcQMAtn5uom2mZE7NPPZKhzhGMGU23TibzzmeE PpmQ==

In-reply-to: <[email protected]>

List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>

List-help: <mailto:[email protected]?subject=help>

List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>

List-post: <mailto:[email protected]>

List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>

References: <[email protected]om> <[email protected]> <[email protected]om> <[email protected]om> <[email protected]om> <[email protected]om> <[email protected]>

Hi Martin,

The "this" refers to uniquely identifying the UE/session. The API server will need to "lookup" the UE/session in some way (like in a database shared with AAA) to get its state (captive or not, how much time/data remaining, etc). In this regard, the API and the Captive Portal itself *both* need this ability to uniquely identify the UE/session.

Sure, one *could* design an API server, to reside on the same L2 segment as the subscribers, so that it can determine the UE mac address from looking up the remote IP address in the local ARP table. But... in practice, I think the tendency would be to host the API in the same centralized place as the captive portal itself (and share the same database).

In terms of generating a "session-id" ... a lot of this is very implementation dependent. For example, many hotspot systems are integrated with DHCP/RA because the IP address of subscribers may come from AAA (or a PGW in 3gpp). The redirection URL is often "minted" with the right session_id for that session by the backend AAA/PCRF.

Here is one example:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_01011101.pdf

On Thu, Jul 25, 2019 at 4:31 AM Martin Thomson <[email protected]> wrote:

Hi David,

On Mon, Jul 22, 2019, at 19:40, David Bird wrote:
> ultimately a "session-id" is
> typically carried in the redirect URL on a per UE/session basis. If
> everyone gets the exact same URL, this can only be done by IP address
> at the portal... Is that the design networks are encouraged to take?

I'm not following your "this" here. Can you say more?

I understand that a session ID is needed, but is this something that can be inserted on the transition from the API endpoint to the web page?

_______________________________________________
Captive-portals mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/captive-portals