AAAARCH Research Group - PowerPoint PPT Presentation

Slides: 14
Provided by: ata84

Transcript and Presenter's Notes

1
AAAARCH Research Group
  • A grammar for Policies in a generic AAA
    Environment
  • <draft-ietf-aaaarch-generic-policy-01.txt>
  • A. Taal, G. Sliepen
  • A.E. Hemel, C.T.A.M. de Laat

2
Changes
  • References AVPs --> Objects
  • AAA Message Types
  • No type checking

3
Object references
  • Request
  • Identity
  • PassW

if ( Query getPassword( userid Request.Identity.UserID )
     Request.Identity.PassW Query.PassW )
then( ) else( )

4
Request Service Reply
  • Answer
  • ServiceData

// Action list
A1 getSwitchSettings( )
A2 getConnectionList( )
A1.Connections A2.Connections
Reply.ServiceData.Settings A1

5
Object trees
[Figure: object tree diagram with nodes P, A, Q, D, S, B, E, R, C]
leaf int float string
A.B P
A.B K.L.M
6
AAA Message Types
  • Request Reply

Authentication
  • Identity
  • AuthenticationData
  • Answer

! One-to-one mapping Requests <---> Driving Policies
PolicyRef (remote AAA server)
Reply Authentication@146.50.0.23(
    Identity Request.Identity,
    AuthenticationData Request.AuthenticationData )

7
AAA Message Types
  • Request Reply

Policy Evaluation
  • PolicyReference
  • ..
  • Answer
  • ServiceData

A1 PolicyEvaluation@146.50.0.23( PolicyReference policy_23 )
A2 PolicyEvaluation@146.50.0.23( PolicyReference policy_117 )
! A1.ServiceData ? A2.ServiceData

8
Local policy reference: PolicyRef versus FunctionCall
PolicyRef
    policy_71 @ 127.0.0.1( data1 Yes, data212 )
    policy_71 @ localhost( data1 Yes, data212 )
FunctionCall
    evaluate( ref policy_71 , data1 Yes, data212 )

9
No type checking
ComputedBoolean ( INT Request.Data.Bandwidth / INT Data.Fraction < 20 )
JavaScript
    var a, b, c a 3 b yeah c a / b alert( cc) > cNaN
Perl
    a b c a 3 b yeah c a / b > Illegal division
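
Added example (not part of the original slides): the slide 9 condition evaluated with JavaScript semantics on a non-numeric Bandwidth, next to a strict cast that returns an explicit error instead of silently taking the else branch. The helper names (`untypedCondition`, `toInt`, `checkedCondition`) and the sample requests are assumptions made for this illustration.

```javascript
// Added example, not from the slides. Object names follow slide 9;
// helper names and sample requests are constructed for illustration.

// Untyped evaluation with JavaScript semantics: "yeah" / 4 is NaN,
// and every ordered comparison against NaN is false.
function untypedCondition(request, data) {
  return request.Data.Bandwidth / data.Fraction < 20;
}

// Hypothetical strict INT cast: integers or decimal-digit strings only.
function toInt(value, name) {
  if (typeof value === "number" && Number.isInteger(value)) return value;
  if (typeof value === "string" && /^-?\d+$/.test(value)) return parseInt(value, 10);
  throw new TypeError(`${name} is not an INT: ${JSON.stringify(value)}`);
}

// Checked evaluation: a failed cast or a zero divisor produces an explicit
// error result, so the policy can answer with an error rather than letting
// a NaN comparison pick a branch.
function checkedCondition(request, data) {
  try {
    const bandwidth = toInt(request.Data.Bandwidth, "Request.Data.Bandwidth");
    const fraction = toInt(data.Fraction, "Data.Fraction");
    if (fraction === 0) throw new RangeError("Data.Fraction is zero");
    return { ok: true, value: bandwidth / fraction < 20 };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample inputs.
const sampleData = { Fraction: 4 };
const goodRequest = { Data: { Bandwidth: "60" } };  // 60 / 4 = 15
const badRequest = { Data: { Bandwidth: "yeah" } }; // not a number

console.log(untypedCondition(goodRequest, sampleData));
console.log(untypedCondition(badRequest, sampleData));
console.log(checkedCondition(goodRequest, sampleData));
console.log(checkedCondition(badRequest, sampleData));
```

With untyped evaluation both `< 20` and `>= 20` are false for the bad request, so which branch runs depends only on how the policy author happened to phrase the test.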
10
Example Driving Policy
KERBEROS Authentication
if (
    if( exists Request.AuthenticationData.Protocol.Name )
    then( )
    else ( Reply.Answer.Type MISSING_DATA
           Reply.Answer.Message "Missing Protocol.Name" )
    if( Request.AuthenticationData.Protocol.Name "Kerberos" )
    then( )
    else ( Reply Authentication@146.50.0.23(
               Identity Request.Identity,
               AuthenticationData Request.AuthenticationData ) )
) then ( // Next slide )

11
Example Driving Policy
then ( // Action
    if ( exists Request.Identity.UserName )
    then (
        KRBReply authenticate( username Request.Identity.UserName,
                               servername )
        HE/SHE IS KNOWN!!!!
        Reply.Answer.AuthenticationData.SessionKey KRBReply.SessionKey
    ) else (
        Reply.Answer.Type MISSING_DATA
        Reply.Answer.Message "AuthenticationData incomplete" )
    ...
) else ( ... )

12
To do
  • AAA message types
  • Definition of top level objects
  • generic AAA functions
  • return trees
  • generic ASMs
  • return trees
  • pushed / pulled policy treatment

13
To do or to do not
  • Exception handling
  • Parallelism ( Actions, remote references )