IRTF - AAAARCH - RG - PowerPoint PPT Presentation

1
  • IRTF - AAAARCH - RG
  • Authentication Authorisation
  • Accounting ARCHitecture RG
  • chairs
  • C. de Laat and J. Vollbrecht
  • www.phys.uu.nl/wwwfi/aaaarch
  • RFC 2903, 2904, 2905, 2906

2
Basic AAA
  • Service perspective
    • Who is it who wants to use my resource? Establish a security context.
    • Do I allow him to access my resource? Create a capability / ticket / authorization.
    • Can I track the usage of the resource? Based on the type of request (policy), track the usage.
  • User perspective
    • Where do I find this or that service?
    • What am I allowed to do?
    • What do I need to do to get authorization?
    • What does it cost?
  • Intermediaries' perspective
    • Service creation
    • Brokerage / portals
  • Organizational perspective
    • What do I allow my people to do?
    • Contractual relationships (SLAs)

3
Roles
  Figure (not reproduced): a hierarchy of roles in which users attach to UNI nodes, the UNI nodes attach to the national research networks SURFnet, DFN, SWITCH and REDIRIS, and those in turn attach to GEANT/DANTE.
4
Authorization Models
  Figure (not reproduced) showing the three models:
  • Agent
  • Pull
  • Push
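The three models named on this slide, together with the capability / ticket / authorization of slide 2, as an added example that is not part of the original presentation or of the RFCs: the Agent, Pull and Push sequences of RFC 2904 modelled in Python as message flows between a user, a generic AAA server and the service equipment. The policy table, the HMAC-signed ticket format and the shared key are assumptions made for this example.

```python
"""Added example (not from the slides or RFC 2904): the Agent, Pull and Push
authorization sequences as message flows between a User, a generic AAA
server and Service Equipment. POLICY, TICKET_KEY and the ticket format are
assumptions made for this example."""
import hashlib
import hmac
import json
import time

# Constructed sample policy: which services each user may obtain.
POLICY = {"alice": {"qos-premium"}, "bob": set()}
# Assumed key shared by the AAA server and the service equipment for push tickets.
TICKET_KEY = b"demo-shared-key"


class AAAServer:
    """Evaluates authorization requests and, for the push model, issues tickets."""

    def __init__(self):
        self.trace = []  # record of the Authorization replies sent

    def authorize(self, user, service):
        allowed = service in POLICY.get(user, set())
        self.trace.append(("Authorization reply", user, service, allowed))
        return allowed

    def issue_ticket(self, user, service, ttl=60):
        """Capability the user can present to the equipment: signed, bound, expiring."""
        if not self.authorize(user, service):
            return None
        body = {"user": user, "service": service, "exp": int(time.time()) + ttl}
        payload = json.dumps(body, sort_keys=True)
        mac = hmac.new(TICKET_KEY, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "mac": mac}


class ServiceEquipment:
    """Provides the service; holds the PEP and, in the push model, checks tickets."""

    def __init__(self, aaa):
        self.aaa = aaa          # contacted only in the pull sequence
        self.trace = []

    def provide(self, user, service):
        self.trace.append(("Service configured", user, service))
        return f"{service} for {user}"

    def verify_ticket(self, ticket, service, now=None):
        """Returns the user named in a valid ticket, or None."""
        expected = hmac.new(TICKET_KEY, ticket["payload"].encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, ticket["mac"]):
            return None                     # altered payload or forged MAC
        body = json.loads(ticket["payload"])
        if body["service"] != service:      # ticket is bound to one service
            return None
        if body["exp"] < (time.time() if now is None else now):
            return None                     # expired
        return body["user"]


def agent_sequence(aaa, equip, user, service):
    """User -> AAA server -> Service Equipment: the AAA server acts for the user."""
    if not aaa.authorize(user, service):
        return None
    return equip.provide(user, service)


def pull_sequence(equip, user, service):
    """User -> Service Equipment -> AAA server: the equipment pulls the decision."""
    if not equip.aaa.authorize(user, service):
        return None
    return equip.provide(user, service)


def push_sequence(aaa, equip, user, service):
    """User -> AAA server (ticket) -> Service Equipment: the user pushes the ticket."""
    ticket = aaa.issue_ticket(user, service)
    if ticket is None:
        return None
    verified_user = equip.verify_ticket(ticket, service)
    if verified_user is None:
        return None
    return equip.provide(verified_user, service)
```

In the push sequence the equipment checks the ticket itself (MAC, service binding, expiry) instead of asking the AAA server, which is what lets the model work across domains that share only a key; a ticket altered in transit, presented to a different service, or presented after its expiry is rejected.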
5
Starting point
  Figure (not reproduced): a Generic AAA server built around a rule based engine (labelled PDP) with a Policy repository, a Data repository and an API; an Application Specific Module with its own Policy and Data; and the Service, whose equipment carries the PEP and an Accounting / Metering function that produces Acct Data. Numbered arrows 1 to 5 mark the order in which a request passes between these parts.
6
Multi domain case
7
Basic principles
  • Principles of Generic AAA
    • Three building blocks:
      • RBE (rule based engine)
      • ASM (application specific module)
      • Service equipment
    • There is a global address space between the RBE and the ASM.
    • There is only generic stuff in the RBE; all the application specific stuff is in the ASMs.
    • The relationship between AAA servers is symmetric.
    • Different servers may have different capabilities.
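One way to make the split between a generic RBE and application specific ASMs concrete, as an added example that is not part of the presentation or of the RFCs: a small rule based engine in Python whose rule language knows only references, comparisons and actions, while a BandwidthASM holds the only link-specific knowledge. The rule syntax, the req:/asm: naming scheme standing in for the global address space, and the sample policy are assumptions made for this example.

```python
"""Added example (not from the slides or RFC 2903-2906): a minimal rule based
engine (RBE) that evaluates generic rules whose conditions and actions name
attributes resolved by Application Specific Modules (ASMs). The rule syntax,
the 'req:<attr>' / 'asm:<module>:<attr>' reference scheme and the sample
bandwidth ASM are assumptions made for this example."""
import operator
import re

OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt,
       "<=": operator.le, ">": operator.gt, ">=": operator.ge}
COND = re.compile(r"^(\S+)\s+(==|!=|<=|>=|<|>)\s+(\S+)$")


class BandwidthASM:
    """Application specific module: the only component that knows about links."""
    name = "bandwidth"

    def __init__(self, capacity_mbps):
        self.capacity = capacity_mbps
        self.reserved = 0

    def get(self, attr):
        """Attribute lookup the RBE performs through the shared address space."""
        if attr == "available":
            return self.capacity - self.reserved
        raise KeyError(f"bandwidth has no attribute {attr}")

    def do(self, verb, arg):
        """Provisioning action requested by a rule that fired."""
        if verb == "reserve":
            self.reserved += int(arg)
            return True
        raise KeyError(f"bandwidth has no action {verb}")


class RuleBasedEngine:
    """Generic part: knows only the rule syntax and how to dereference names."""

    def __init__(self):
        self.asms = {}

    def register(self, asm):
        self.asms[asm.name] = asm

    def resolve(self, token, request):
        """'req:x' -> request attribute, 'asm:<module>:<attr>' -> ASM attribute,
        anything else is a literal (integer or quoted string)."""
        if token.startswith("req:"):
            return request.get(token[4:])
        if token.startswith("asm:"):
            _, module, attr = token.split(":", 2)
            return self.asms[module].get(attr)
        if token.lstrip("-").isdigit():
            return int(token)
        return token.strip('"')

    def _holds(self, cond, request):
        m = COND.match(cond)
        if not m:
            raise ValueError(f"bad condition: {cond}")
        lhs, op, rhs = m.groups()
        try:
            return OPS[op](self.resolve(lhs, request), self.resolve(rhs, request))
        except TypeError:   # e.g. a missing request attribute (None) compared with an int
            return False

    def evaluate(self, rules, request):
        """The first rule whose conditions all hold decides; no match means deny."""
        for index, rule in enumerate(rules):
            if all(self._holds(c, request) for c in rule["if"]):
                for action in rule.get("do", []):
                    target, arg = action.split(None, 1)
                    _, module, verb = target.split(":", 2)
                    self.asms[module].do(verb, self.resolve(arg, request))
                return rule["decision"], index
        return "deny", None


# Constructed sample policy: only staff may reserve premium bandwidth, and only
# while the link (known to the ASM, not to the RBE) still has room for it.
RULES = [
    {"if": ['req:service == "qos-premium"', 'req:group == "staff"',
            "asm:bandwidth:available >= req:mbps"],
     "decision": "allow",
     "do": ["asm:bandwidth:reserve req:mbps"]},
    {"if": ['req:service == "best-effort"'], "decision": "allow"},
]


def demo():
    """Runs four constructed requests against RULES; returns decisions and reservation."""
    rbe = RuleBasedEngine()
    link = BandwidthASM(capacity_mbps=100)
    rbe.register(link)
    results = [
        rbe.evaluate(RULES, {"service": "qos-premium", "group": "staff", "mbps": 40}),
        rbe.evaluate(RULES, {"service": "qos-premium", "group": "staff", "mbps": 70}),
        rbe.evaluate(RULES, {"service": "qos-premium", "group": "student", "mbps": 1}),
        rbe.evaluate(RULES, {"service": "best-effort"}),
    ]
    return results, link.reserved
```

The RBE never learns what "available" means; it dereferences asm:bandwidth:available and compares. A reference to a module or attribute that no registered ASM provides fails with KeyError rather than silently evaluating true, and a request matched by no rule is denied, which is the safe default when servers of differing capabilities exchange policy.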

8
Message types
  • Service request/reply
  • Authorization request/reply
  • Solicit Service Offer request/reply
  • Authentication request/reply
  • Authentication Challenge request/reply
  • Policy request/reply
  • Policy Evaluation request/reply
  • Data request/reply
  • Event Log indication/confirmation
  • Accounting indication/confirmation
  • Service (session) Configuration indication/confirmation
  • Service (session) Management indication/confirmation
  • Capability request/reply (supports resource discovery)

9
Top Level Objects
  • Identity
  • Authentication Data
  • Authentication Challenge
  • Service Data
  • Service Offer
  • Answer
  • Error
  • Policy
    • service specification policy, authorization policy, provisioning policy, configuration policy, accounting policy, metering policy
  • Policy Reference
  • Policy Data
  • Configuration Data
  • Service Management
  • Accounting
  • Event

10
Issues
  • Relationships in the pictorial model
  • Type 1 - 7 communication
  • Internal structure in the model
  • Global addressing space
  • Refine the layered model
  • Scalable AAA server model

11
Research Group - info
  • Research Group Name: AAAARCH - RG
  • Chair(s)
    • John Vollbrecht -- jrv@interlinknetworks.com
    • Cees de Laat -- delaat@phys.uu.nl
  • Web page
    • www.irtf.org
    • www.phys.uu.nl/wwwfi/aaaarch
  • Mailing list(s)
    • aaaarch@fokus.gmd.de
    • For subscription to the mailing list, send e-mail to majordomo@fokus.gmd.de with the message content:
        subscribe aaaarch
        end
    • Will be archived; retrieval with frames and in plain ASCII:
      • http://www.fokus.gmd.de/glone/research/aaaarch/
      • http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
      • ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current
