Download presentation
Presentation is loading. Please wait.
1
8/10/2001GGF - 3 / Leon Gommans - UvA1 Observations on the CAS architecture made from the Generic AAA perspective. 3rd Global Gridforum Oct. 7-10th 2001 Frascati - Italy Leon Gommans lgommans@science.uva.nl University of Amsterdam Advanced Internet Research Group
2
8/10/2001GGF - 3 / Leon Gommans - UvA2 Objectives Give a better feeling of AAA environments. AAA concepts regarding user administration in multi-domain environments. Envisaged examples: –Role generic AAA in combination with CAS expanded towards the user –Role generic AAA in combination with CAS expanded towards the service. More info:http://www.aaaarch.org
3
8/10/2001GGF - 3 / Leon Gommans - UvA3 Roots AAA roots in the “dial-in” environment where NAS use AAA servers to Authenticate & Authorize users and allow Accounting. Need was generated by recognition that user-administration at or near the service equipment does not scale very well. NETWORK ACCESS SERVERS AAA ALICE ANNE ARIE ……. BOB@ UVA.NL ALICE@ UU.NL UVA.NL RADIUS ISP Internet BILL BOB CAROL ……. USER HOME ORGANIZATIONSERVICE ORGANIZATIONUSER
4
8/10/2001GGF - 3 / Leon Gommans - UvA4 The “VO” from AAA perspective Example based on a highly simplified model of the SURFNET “Student Online” facility. The “VO” can be defined as the group of students and University Employees. The VO is offered free internet access if they belong to any Dutch University User administration is done by each individual university Each university is responsible for their own users towards the service.
5
8/10/2001GGF - 3 / Leon Gommans - UvA5 Flexibility of AAA allows: User organizations to outsourcing their dail-in service to one or more 3rd parties. Service organizations to host multiple organizations requiring dail- in facilities. Agreements can be implemented using a standards based protocol (RADIUS). RADIUS allows User organizations or Agents to migrate to other Service Providers. An agent, using proxy AAA to change its service without affecting the agreement with its customers. A service organization to have ultimate authority over its users.
6
8/10/2001GGF - 3 / Leon Gommans - UvA6 NETWORK ACCESS SERVERS AAA ALICE ANNE ARIE ……. BOB@ UVA.NL ALICE@ UU.NL UVA.NL RADIUS ISP-B Internet BILL BOB CAROL ……. USER HOME ORGANIZATIONS NETWORK ACCESS SERVERS AAA BILL@ UVA.NL ANNE@ UU.NL RADIUS ISP-A Internet SERVICE ORGANIZATIONSUSER AAA
7
8/10/2001GGF - 3 / Leon Gommans - UvA7 NETWORK ACCESS SERVERS AAA ALICE ANNE ARIE ……. BOB@ UVA.NL ALICE@ UU.NL UVA.NL RADIUS ISP-B Internet BILL BOB CAROL ……. USER HOME ORGANIZATIONS NETWORK ACCESS SERVERS AAA BILL@ UVA.NL ANNE@ UU.NL RADIUS ISP-A Internet SERVICE ORGANIZATIONSUSER Proxy AAA RADIUS AAA AGENT
8
8/10/2001GGF - 3 / Leon Gommans - UvA8 USER CAS GRID RESOURCES AAA PUSH MODEL AAA can play a role in both area’s User authentication & authorization Resource Management in combining resources SERVICE ORGANIZATION USER HOME ORGANIZATION
9
8/10/2001GGF - 3 / Leon Gommans - UvA9 GRID RE- SOURCES ALICE@ UU.NL ASP-B GRID RE- SOURCES BILL@ UVA.NL ASP-A SERVICE ORGANIZATIONSUSER ALICE.UU.NL ANNE.UU.NL ARIE.UU.NL BILL.UVA.NL BOB.UVA.NL CAROL.UVA.NL ……. UU.NL UVA.NL USER HOME ORGANIZATIONS CAS
10
8/10/2001GGF - 3 / Leon Gommans - UvA10 AAA ALICE ANNE ARIE ……. UU.NL UVA.NL BILL BOB CAROL ……. USER HOME ORGANIZATIONSSERVICE ORGANIZATIONSUSERAGENTS CAS B GRID RE- SOURCES ALICE@ UU.NL ASP-B GRID RE- SOURCES BILL@ UVA.NL ASP-A AAA AL AMY ANN MIT.EDU CAS A AAA INFN.IT DARIO FABRIZIO GIORGIO ……. Possible AAA role in user authentication & authorization ?
11
8/10/2001GGF - 3 / Leon Gommans - UvA11 SERVICE ORGANIZATIONS USER GRID RE- SOURCES ALICE@ UU.NL ASP-A AAA Possible AAA role in resource management ? GRID RE- SOURCES GRID RE- SOURCES GRID RE- SOURCES AAA GRID RE- SOURCES GRID RE- SOURCES BROKER ASP-B CAS
12
8/10/2001GGF - 3 / Leon Gommans - UvA12 Thank you http://www.aaaarch.org
Similar presentations
