1 / 19

AAA - ARCH

AAA - ARCH. 1 of 14. IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions from many persons including: B. de Bruijn, C & K Dobbins, S. Farrell, G. Gross,

luthery
Download Presentation

AAA - ARCH

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AAA-ARCH 1 of 14 IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions from many persons including: B. de Bruijn, C&K Dobbins, S. Farrell, G. Gross, L. Gommans, D. Spence, E. Verharen, T. Verschuren, T. Zseby

  2. Applications 2 of 14 • Applications • Network Access • Bandwidth Broker • Authorization of resources living in many administrative domains • Budget system • Library system • Computer based education system • E-Commerce • Micro-payments • Car Rental • Daily life

  3. USA line Multi Kingdom Problem 3 of 14 Physics-UU to IPP-FZJ => 7 kingdoms • Netherlands • Physics dept • Campus net • SURFnet • Europe • TEN 155 • Germany • WINS/DFN • Juelich, Campus • Plasma Physics dept 3 ms 2.5 ms 17 ms Jülich

  4. The need for AAA 4 of 14 AAA $$$ ? AAA AAA ? BB BB management management Remote service End user R R R R Kingdom N Kingdom N+1

  5. Roaming “Agent” Authorization Model 5 of 14 User User Home Organization Request 1 AAA Server Approved 4 2 Commit Approval Conditional Approval Service Provider 3 AAA Server 3 Service Equipment use service 5 Example application: bandwidth brokerage at Enterprise/Service Provider boundary

  6. Roaming “Pull” Authorization Model 6 of 14 User User Home Organization AAA Server 3 Conditional Approval Commit Approval 2 Service Provider AAA Server 4 Request Service Equipment 1 1 Approved 4 use service 5 Example applications: Mobile IP, PPP dial-in to NAS

  7. Roaming “Push” Authorization Model 7 of 14 User User Home Organization Request 1 AAA Server Conditional Approval with ticket 2 Service Provider Request with ticket 3 AAA Server 4 4 Approved Service Equipment use service 5 Example application: Internet printing, where file and print servers are in different admin domains

  8. AAA Server building block 8 of 14 Rule example: Auth_A = (B>9) .or. C .and. D USER 1 1 Generic AAA server Rule based engine API Auth rules 3 2 Application Specific Module Events Types of communication: 1: “The” AAA protocol 2: interface (API) to app specific module (addressing!) 3: interface (API or connection) to repositories (e.g. LDAP)

  9. Pushing the buttons 9 of 14 1 1 Generic AAA server Rule based engine Policy 3 2 Application Specific Module Events 5 Service Types of communication: 5: Towards service (f.e. COPS, CLI, SNMPv3)

  10. Legacy protocols 10 of 14 1 1 Generic AAA server Rule based engine Policy 2 3 Application specific Module Events 4 Types of communication: 4: Legacy protocols (Radius, Diameter, …)

  11. Gateway 11 of 14 1 1 Generic AAA server Rule based engine 1 Policy 3 2 GW Application specific Module Events 4 2

  12. AAA Server with Accounting as Separate Service 12 of 15 1 1 Generic AAA server Rule based engine Policy 3 2 2 Events Application Specific Module Accounting Module Acct Data 3 5 6 Service Metering

  13. AAA Server with Accounting as Part of the Service 13 of 16 1 1 Generic AAA server Rule based engine Policy 3 2 Events Application specific Module 5 5 Service Accounting/ Metering Acct Data 3

  14. User Visited ISP Home ISP Bill Charging & Billing ARs 8 Charging Policies ARs 3 AAA Server AAA Server 4 (optional online charging) Service parameters including Accounting Policy 5 7 Accounting Records (ARs) 2 Service Equipment 6 Collectors configuration 1 Meters Example: Interaction with Authorization 14 of 16

  15. Generic AAA Agent Model AAA server AAA server AAA server 15a of 16

  16. Future AAA Application (ASP) User-Home Organ. Financial Organ. Bandwidth Broker Content Server AAA AAA AAA AAA Internet Content Server User Layer 3/4 Switch AAA AAA AAA Service Profiles Content Server AAA ISP's ASP 15b of 16

  17. RG-Goals-1 15c of 16 Specific goals of the RG are: • develop generic AAA model by specifically including Authentication and Accounting • develop auditability framework specification that allows the AAA system functions to be checked in a multi-organization environment • develop a model that supports management of a "mesh" of interconnected AAA Servers • define distributed policy framework, coordinate with policy framework WG and others • develop an accounting model that allows authorization to define the type of accounting processing required for each session

  18. RG-Goals-2 15d of 16 Specific goals of the RG are: • implement a simulation model that allows experimentation with the the proposed architectural models (also work on an emulation) • describe interdomain issues using generic model • work with AAA WG to align short term AAA protocol requirements with long term requirements as much as possible • complete the work in Q4 - 2000 (ambitious)

  19. 16 of 16 • Research Group Name: AAAARCH - RG • Chair(s) • John Vollbrecht -- jrv@merit.edu • Cees de Laat -- delaat@phys.uu.nl • Web page • www.irtf.org • www.phys.uu.nl/~wwwfi/aaaarch • Mailing list(s) • aaaarch@fokus.gmd.de • For subscription to the mailing list, send e-mail to majordomo@fokus.gmd.de with content of message subscribe aaaarch end • will be archived, retrieval with frames and in plain ascii: • http://www.fokus.gmd.de/glone/research/aaaarch/ • http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current • ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current Research Group - info

More Related