A domain controls how
a user is authorized. Once a user is authorized, domains can also
auto-provision a user in USuM (including a default Service). If a user is not
auto-provisioned, the user must have been provisioned by API into USuM before
they are assigned a Service on the network.
Each user goes through
a single domain authorization process upon log in. There can be multiple
domains configured each having different kind of authorization. A user's domain
is determined by Location. If a user does not match any of the Domains, they
are considered to be part of the Domain marked as 'default'.
Currently, only USuM
Authorization is supported by ANDSF.
A domain can also auto
provision a subscriber in SPR and associate a default service to it. This
provides an option to register the subscriber based on Primary Credential and
Password received from the incoming request, for example, Radius Username and
Radius Password. This method is generally used in scenarios where the system is
configured to “auto-learn” subscribers and assign a default service profile.
When multiple domains
are configured it is very difficult to select a single domain to
authorize/authenticate a subscriber. This problem can be overcome by
configuring the Locations on the individual domains. Location provides an
option to select the individual domain based on the attributes received from
the incoming request like Framed-IP, NAS-IP or based on AVP with the
combination of Time Zone.
multiple advanced options which help us to take some default actions based on
the conditions. Advanced rules determine if unknown subscribers can come into
the system and defines the unknown service. This is often used if subscribers
self-provision and so are initially unknown or a default service can be
assigned to a known subscribers.