AAA-ARCH IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions.


1 AAA-ARCH IRTF-RG: Authentication Authorisation and Accounting ARCHitecture Research Group
Chairs: C. de Laat, J. Vollbrecht
Content of this talk has contributions from many persons including: B. de Bruijn, C & K Dobbins, S. Farrell, G. Gross, L. Gommans, D. Spence, E. Verharen, T. Verschuren, T. Zseby

2 Applications
– Network Access
– Bandwidth Broker
– Authorization of resources living in many administrative domains
– Budget system
– Library system
– Computer based education system
– E-Commerce
– Micro-payments
– Car Rental
– Daily life

3 Multi Kingdom Problem
Physics-UU to IPP-FZJ => 7 kingdoms
– Netherlands
  » Physics dept
  » Campus net
  » SURFnet
– Europe
  » TEN 155
– Germany
  » WINS/DFN
  » Juelich, Campus
  » Plasma Physics dept
[Diagram labels: USA line, 3 ms, Jülich, 17 ms, 2.5 ms]

4 The need for AAA
[Diagram labels: End user, R R R R, Remote service, management, Kingdom N, Kingdom N+1, BB, AAA, BB, management, ?, ?, AAA, $$$]

5 Roaming “Agent” Authorization Model
[Diagram entities: User, User Home Organization, AAA Server, Service Provider, AAA Server, Service Equipment]
[Diagram message labels: Request 1, Approved 4, Commit Approval 3, Conditional Approval 2, 5 use service, 3]
Example application: bandwidth brokerage at Enterprise/Service Provider boundary

6 Roaming “Pull” Authorization Model
[Diagram entities: User, User Home Organization, AAA Server, Service Provider, AAA Server, Service Equipment]
[Diagram message labels: Request 1, Approved 4, Commit Approval 2, Conditional Approval 3, 5 use service, 4, 1]
Example applications: Mobile IP, PPP dial-in to NAS

7 Roaming “Push” Authorization Model
[Diagram entities: User, User Home Organization, AAA Server, Service Provider, AAA Server, Service Equipment]
[Diagram message labels: Request 1, Approved 4, 5 use service, 4, Conditional Approval with ticket 2, Request with ticket 3]
Example application: Internet printing, where file and print servers are in different admin domains

8 AAA Server building block
[Diagram labels: Generic AAA server, Rule based engine, Application Specific Module, Auth rules, Events, API, 2 11 3]
Types of communication:
1: “The” AAA protocol
2: interface (API) to app specific module (addressing!)
3: interface (API or connection) to repositories (e.g. LDAP)
Rule example: Auth_A = (B>9) .or. C .and. D

9 Pushing the buttons
[Diagram labels: Generic AAA server, Rule based engine, Application Specific Module, Policy, Events, 2 11 3, Service, 5]
Types of communication:
5: Towards service (e.g. COPS, CLI, SNMPv3)

10 Legacy protocols
[Diagram labels: Generic AAA server, Rule based engine, Application specific Module, Policy, Events, 2 11 3 4]
Types of communication:
4: Legacy protocols (Radius, Diameter, …)

11 Gateway
[Diagram labels: Generic AAA server, Rule based engine, Application specific Module, Policy, Events, 2 11 3 4, GW, 1, 2]

12 AAA Server with Accounting as Separate Service
[Diagram labels: Generic AAA server, Rule based engine, Application Specific Module, Policy, Events, 2 11 3, Accounting Module, Service, 5, Metering, 6, Acct Data, 3, 2]

13 AAA Server with Accounting as Part of the Service
[Diagram labels: Generic AAA server, Rule based engine, Application specific Module, Policy, Events, 2 11 3, Accounting/Metering, Service, 5, Acct Data, 3, 5]

14 Example: Interaction with Authorization
[Diagram entities: User, AAA Server, Service Equipment, Visited ISP, Home ISP, Collectors, Meters, Accounting Records (ARs)]
[Diagram labels: 1, 2, 3, 4, 5, 6, Service parameters including Accounting Policy, Charging Policies, Bill, Charging & Billing, configuration, 7 ARs, 8 (optional online charging)]

15 Generic AAA Agent Model
[Diagram label: AAA server]

16 Future AAA Application (ASP)
[Diagram labels: Layer 3/4 Switch, Internet, User, Content Server AAA, Content Server AAA, Content Server AAA, Bandwidth Broker AAA, User-Home Organ. AAA, Financial Organ. AAA, Service Profiles AAA, ASP, ISP's]

17 RG-Goals-1
Specific goals of the RG are:
– develop generic AAA model by specifically including Authentication and Accounting
– develop auditability framework specification that allows the AAA system functions to be checked in a multi-organization environment
– develop a model that supports management of a "mesh" of interconnected AAA Servers
– define distributed policy framework, coordinate with policy framework WG and others
– develop an accounting model that allows authorization to define the type of accounting processing required for each session

18 RG-Goals-2
Specific goals of the RG are:
– implement a simulation model that allows experimentation with the proposed architectural models (also work on an emulation)
– describe interdomain issues using generic model
– work with AAA WG to align short term AAA protocol requirements with long term requirements as much as possible
– complete the work in Q4 - 2000 (ambitious)

19 Research Group - info
Research Group Name: AAAARCH - RG
Chair(s)
– John Vollbrecht -- jrv@merit.edu
– Cees de Laat -- delaat@phys.uu.nl
Web page
– www.irtf.org
– www.phys.uu.nl/~wwwfi/aaaarch
Mailing list(s)
– aaaarch@fokus.gmd.de
– For subscription to the mailing list, send e-mail to majordomo@fokus.gmd.de with content of message subscribe aaaarch end
– will be archived, retrieval with frames and in plain ascii:
  » http://www.fokus.gmd.de/glone/research/aaaarch/
  » http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
  » ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current

