
IRTF AAAARCH-RG: Authentication, Authorisation, Accounting ARCHitecture Research Group


Presentation Transcript


  1. AAAARCH
     IRTF AAAARCH-RG: Authentication Authorisation Accounting ARCHitecture Research Group
     RG chairs: C. de Laat and J. Vollbrecht
     www.phys.uu.nl/~wwwfi/aaaarch
     RFC 2903, 2904, 2905, 2906

  2. Basic AAA
     • Service perspective
       • Who is it who wants to use my resource? Establish a security context.
       • Do I allow him to access my resource? Create a capability / ticket / authorization.
       • Can I track the usage of the resource? Track the usage based on the type of request (policy).
     • User perspective
       • Where do I find this or that service?
       • What am I allowed to do?
       • What do I need to do to get authorization?
       • What does it cost?
     • Intermediaries perspective
       • Service creation
       • Brokerage / portals
     • Organizational perspective
       • What do I allow my people to do?
       • Contractual relationships (SLAs)

  3. Roles
     [Diagram: many users connect through UNIs to the networks SURFnet, DFN, REDIRIS and SWITCH, which are interconnected by GEANT/DANTE.]

  4. Authorization Models: AGENT, PULL, PUSH
     [Diagram: the three authorization sequences, with numbered message flows (1 to 5) between the User, the UHO (user home organisation) AAA server, the Provider AAA server and the Service.]
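The agent, pull and push sequences sketched in this slide, as a small Python simulation added here (it is not code from the slides or from the research group). The policy, the user names, the shared key and the HMAC-signed ticket format are constructed assumptions for the example; the step numbering in the comments follows the sequences of RFC 2904.

```python
import hashlib
import hmac
import json

# Constructed policy and shared key for this example; neither comes from the slides.
POLICY = {"alice": {"bandwidth"}, "bob": set()}
SHARED_KEY = b"constructed-demo-key"  # secret between AAA server and service equipment


class AAAServer:  # generic AAA server: the rule based engine (RBE) deciding on policy
    def __init__(self, policy, key):
        self.policy, self.key = policy, key

    def authorize(self, user, service):  # authorization request/reply
        return service in self.policy.get(user, set())

    def issue_ticket(self, user, service):  # push step 2: signed capability, or None
        if not self.authorize(user, service):
            return None
        body = json.dumps({"user": user, "service": service}, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class ServiceEquipment:  # service equipment with its policy enforcement point (PEP)
    def __init__(self, name, key, aaa):
        self.name, self.key, self.aaa = name, key, aaa

    def verify_ticket(self, ticket):  # push step 4: check the capability before serving
        expected = hmac.new(self.key, ticket["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, ticket["tag"]):
            return False  # forged or tampered ticket
        return json.loads(ticket["body"])["service"] == self.name  # issued for another service


def agent_sequence(user, aaa, service):
    # 1: user -> AAA server, which decides and arranges the service itself; 3/4: reply to user
    return "granted" if aaa.authorize(user, service.name) else "denied"


def pull_sequence(user, service):
    # 1: user -> service; 2: service -> its AAA server; 3: AAA -> service; 4: service -> user
    return "granted" if service.aaa.authorize(user, service.name) else "denied"


def push_sequence(user, aaa, service):
    # 1: user -> AAA; 2: AAA -> user (ticket); 3: user -> service (ticket); 4: service verifies
    ticket = aaa.issue_ticket(user, service.name)
    return "granted" if ticket and service.verify_ticket(ticket) else "denied"
```

In the push model the service never contacts the AAA server, so the whole decision rests on the ticket check; the tampered-ticket and wrong-service cases show why the service must verify the tag and the ticket's scope, not just its presence.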

  5. Starting point
     [Diagram: the generic AAA server, built around a rule based engine with a policy API / PDP and policy data, application specific modules (ASMs) with their own data, and the service equipment with a PEP, accounting and metering producing accounting data; message flows numbered 1 to 5 and 4'.]

  6. Multi domain case

  7. Basic principles
     Principles of Generic AAA
     • Three building blocks: RBE, ASM, Service Equipment
     • There is a global address space between the RBE and the ASM.
     • There is only generic stuff in the RBE; all the application specific stuff is in the ASMs.
     • The relationship between AAA servers is symmetric.
     • Different servers may have different capabilities.

  8. Message types
     • Service request/reply
     • Authorization request/reply
     • Solicit Service Offer request/reply
     • Authentication request/reply
     • Authentication Challenge request/reply
     • Policy request/reply
     • Policy Evaluation request/reply
     • Data request/reply
     • Event Log indication/confirmation
     • Accounting indication/confirmation
     • Service (session) Configuration indication/confirmation
     • Service (session) Management indication/confirmation
     • Capability request/reply (supports resource discovery)

  9. Top Level Objects
     • Identity
     • Authentication Data
     • Authentication Challenge
     • Service Data
     • Service Offer
     • Answer
     • Error
     • Policy [service specification policy, authorization policy, provisioning policy, configuration policy, accounting policy, metering policy]
     • Policy Reference
     • Policy Data
     • Configuration Data
     • Service Management
     • Accounting
     • Event

  10. Issues
     • Relationships in the pictorial model
     • Type 1 - 7 communication
     • Internal structure in the model
     • Global addressing space
     • Refine the layered model
     • Scalable AAA server model

  11. Research Group - info
     • Research Group Name: AAAARCH - RG
     • Chair(s)
       • John Vollbrecht -- jrv@interlinknetworks.com
       • Cees de Laat -- delaat@phys.uu.nl
     • Web page
       • www.irtf.org
       • www.phys.uu.nl/~wwwfi/aaaarch
     • Mailing list(s)
       • aaaarch@fokus.gmd.de
       • For subscription to the mailing list, send e-mail to majordomo@fokus.gmd.de with the message body "subscribe aaaarch" followed by "end"
       • The list will be archived; retrieval with frames and in plain ASCII:
         • http://www.fokus.gmd.de/glone/research/aaaarch/
         • http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
         • ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current

  12. AAAARCH
