Observations on the CAS architecture made from the Generic AAA perspective. 3rd Global Gridforum Oct. 7-10th 2001.
8/10/2001, GGF - 3 / Leon Gommans - UvA

Presentation transcript:

Slide 1: Observations on the CAS architecture made from the Generic AAA perspective. 3rd Global Gridforum, Oct. 7-10th 2001, Frascati - Italy. Leon Gommans, University of Amsterdam, Advanced Internet Research Group.

Slide 2: Objectives
- Give a better feeling of AAA environments.
- AAA concepts regarding user administration in multi-domain environments.
- Envisaged examples:
  – Role of generic AAA in combination with CAS expanded towards the user.
  – Role of generic AAA in combination with CAS expanded towards the service.
- More info:

Slide 3: Roots
- AAA roots in the “dial-in” environment where NAS use AAA servers to Authenticate & Authorize users and allow Accounting.
- Need was generated by recognition that user-administration at or near the service equipment does not scale very well.

[Diagram. Columns: USER, USER HOME ORGANIZATION, SERVICE ORGANIZATION. Labels: NETWORK ACCESS SERVERS, AAA, RADIUS, ISP, Internet; domains UU.NL, UVA.NL; users ALICE, ANNE, ARIE, …, BILL, BOB, CAROL, …]

Slide 4: The “VO” from AAA perspective
- Example based on a highly simplified model of the SURFNET “Student Online” facility.
- The “VO” can be defined as the group of students and University Employees.
- The VO is offered free internet access if they belong to any Dutch University.
- User administration is done by each individual university.
- Each university is responsible for their own users towards the service.

Slide 5: Flexibility of AAA allows:
- User organizations to outsource their dial-in service to one or more 3rd parties.
- Service organizations to host multiple organizations requiring dial-in facilities.
- Agreements can be implemented using a standards based protocol (RADIUS).
- RADIUS allows User organizations or Agents to migrate to other Service Providers.
- An agent, using proxy AAA, to change its service without affecting the agreement with its customers.
- A service organization to have ultimate authority over its users.

Slide 6: [Diagram. Columns: USER, USER HOME ORGANIZATIONS, SERVICE ORGANIZATIONS. Labels: NETWORK ACCESS SERVERS, AAA, RADIUS, ISP-A, ISP-B, Internet; domains UU.NL, UVA.NL; users ALICE, ANNE, ARIE, …, BILL, BOB, CAROL, …]

Slide 7: [Diagram. Columns: USER, USER HOME ORGANIZATIONS, SERVICE ORGANIZATIONS. Labels: NETWORK ACCESS SERVERS, AAA, Proxy AAA, RADIUS, AGENT, ISP-A, ISP-B, Internet; domains UU.NL, UVA.NL; users ALICE, ANNE, ARIE, …, BILL, BOB, CAROL, …]

Slide 8: AAA can play a role in both areas:
- User authentication & authorization
- Resource Management in combining resources

[Diagram. Labels: USER, USER HOME ORGANIZATION, SERVICE ORGANIZATION, CAS, GRID RESOURCES, AAA, PUSH MODEL.]

Slide 9: [Diagram. Columns: USER, USER HOME ORGANIZATIONS, SERVICE ORGANIZATIONS. Labels: CAS, GRID RESOURCES, ASP-A, ASP-B; domains UU.NL, UVA.NL; users ALICE.UU.NL, ANNE.UU.NL, ARIE.UU.NL, BILL.UVA.NL, BOB.UVA.NL, CAROL.UVA.NL, …]

Slide 10: Possible AAA role in user authentication & authorization?

[Diagram. Columns: USER, USER HOME ORGANIZATIONS, AGENTS, SERVICE ORGANIZATIONS. Labels: AAA, CAS A, CAS B, GRID RESOURCES, ASP-A, ASP-B; domains UU.NL, UVA.NL, MIT.EDU, INFN.IT; users ALICE, ANNE, ARIE, …, BILL, BOB, CAROL, …, AL, AMY, ANN, DARIO, FABRIZIO, GIORGIO, …]

Slide 11: Possible AAA role in resource management?

[Diagram. Columns: USER, SERVICE ORGANIZATIONS. Labels: AAA, CAS, BROKER, GRID RESOURCES (several), ASP-A, ASP-B, UU.NL.]

Slide 12: Thank you