Some basics of a AAA Control model

1
Some basics of a AAA Control model

• John Vollbrecht
• Merit Network
• jrv_at_merit.edu
• March 30, 2000
• Adelaide ietf

2
AAA Elementsand relationships
Authentication Server
user
Authorization Server
Application
Simple model single domain/kingdom
3
Certificate/Token Sequence
1
Authentication Server
2
User agent
Authorization Server
3
Application
1- get authentication token 2 get authorization
token 3- initiate application
4
Net Access Sequencean example
Authentication Server
3
4
Authorization Server
2
User Agent
5
1
Edge Device
6
1 request service/ with userinfo 2 forward
request with userinfo 3 forward request with
userinfo
4 return authentication token 5 return
authorization token 6- return session start
5
Bandwidth Brokeran example
1
Authentication Server
2
3
User agent
Authorization Server
4
5
6
Bandwidth Broker
1,2 get authentication token 3 -
request QoS Bandwidth 4 - authorized QoS
request
5 Session start 6
forward Session start
6
Some issues

• Which party controls the request sequence
• Security requirements between parties in
  different sequences
• Possible onetime authorization or authentication
• Complexity of issues as multiple organizations
  get involved in Authentication or Authorization
  or resource/application provisioning

7
Some Goals

• One goal is a descriptive model that provides a
  basis for understanding what is common and what
  is unique between application domains
• Attempt to support Policy descriptions of
  sequences of AAA actions for specific application
  domains
• Provide a way to evaluate policy from multiple
  organizations for a specific request.