User Identity Policy Element Tim Moore Microsoft.

Presentation transcript:

User Identity Policy Element Tim Moore Microsoft

draft-ietf-rap-user-identity-00.txt
Authors: Peter Ford - Microsoft, Satyen Yadav - Intel, Ramesh Pabbati - Microsoft, Shai Herzog - IP Highway
Presented at the Los Angeles IETF meeting

Features
Identifies the user to an RSVP Policy Hop in a secure manner.
–MD5 shared keys for end systems are hard to deploy and do not scale
–Could extend the Integrity Object to use User Identities in place of IP identities.
Allows remapping of the identity at any RSVP node
–disney/world/epcot/mickey -> disney.com
Self-identifying objects
–Supports multiple security methods.
Can support the COPS/RAP framework

Limitations
Finite cost for security
–Kerberos tickets are ~700 bytes
–Certificates are longer
–Net: works best with only one identity per message
Multicast merge cases are still open
–not a wire-protocol issue

Multicast Merge
What if the merge occurs before the policy check? (free-rider problem)
–simply a policy issue: move policy to the merge points if you want that level of control
What identity for a merged reservation?
–Don't want huge user lists in RESV messages

Multicast Merge (diagram)
[Diagram: Sender -> Router 2 -> Router 1 -> receivers. Three receivers each send a RESV message with an ID PE for their own user (User 1, User 2, User 3); after the merge, a single RESV message with ID PE for User 1 + User 2 + User 3 travels upstream.]

Potential Solutions for Multicast
Use a network identity (router id, corporate network id, etc.).
Generate a group identity for the receivers.
–Cost of doing and recording this (for auditing)
Don't use the Identity Policy Element
–can use the currently defined Integrity object

Status
MS current plan
–Implemented in NT 5.0 beta 2
–Multicast merge: use network id beyond the first-hop policy node
Would like to move forward on the standards track
–Need other implementations
Do we need an overall security framework for RSVP?
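The multicast merge discussion and the Status slide's plan (per-user ID PEs at the first-hop policy node, a network identity beyond it), as an added illustration that is not part of the original presentation or any RSVP implementation. It is a constructed, simplified model rather than the draft's wire format: element sizes, the PE_HEADER_BYTES overhead, the router names and the user principals are assumptions; only the ~700-byte Kerberos ticket figure and the disney.com remap come from the slides.

```python
from dataclasses import dataclass, field
from typing import List, Set

# Constructed, simplified model of RSVP RESV messages carrying Identity Policy
# Elements (ID PEs); not the draft's wire format and not any implementation's code.
KERBEROS_TICKET_BYTES = 700   # the slide's "~700 bytes" Kerberos ticket
PE_HEADER_BYTES = 8           # assumed fixed per-element overhead

@dataclass(frozen=True)
class IdentityPE:
    kind: str              # "user" (authenticated end user) or "network" (router/corp id)
    principal: str
    credential_bytes: int  # 0 when no credential is carried

    def size(self) -> int:
        return PE_HEADER_BYTES + len(self.principal) + self.credential_bytes

@dataclass
class Resv:
    identities: List[IdentityPE] = field(default_factory=list)

    def size(self) -> int:
        return sum(pe.size() for pe in self.identities)

def user_resv(principal: str) -> Resv:
    """RESV from one receiver, identified by a Kerberos-backed user ID PE."""
    return Resv([IdentityPE("user", principal, KERBEROS_TICKET_BYTES)])

def remap(pe: IdentityPE, domain: str) -> IdentityPE:
    """Remap a user identity to a coarser one at an RSVP node, as in the slide's
    disney/world/epcot/mickey -> disney.com. The user's credential does not transfer."""
    return IdentityPE("network", domain, 0)

def policy_check(resv: Resv, allowed: Set[str]) -> bool:
    """Admit a RESV only if every user identity it carries is authorized."""
    return all(pe.principal in allowed for pe in resv.identities if pe.kind == "user")

def merge(branches: List[Resv], node_id: str, allowed: Set[str],
          check_before_merge: bool, beyond_first_hop: bool) -> Resv:
    """Merge RESVs from downstream branches at one router.
    check_before_merge=False reproduces the free-rider problem: an unauthorized
    user's branch is folded in before any policy node looks at it.
    beyond_first_hop=True applies the Status-slide plan: carry one network
    identity instead of a growing list of user ID PEs (each with its ticket)."""
    if check_before_merge:
        branches = [b for b in branches if policy_check(b, allowed)]
    merged = Resv([pe for b in branches for pe in b.identities])
    if beyond_first_hop:
        return Resv([IdentityPE("network", node_id, 0)])
    return merged
```

The numbers make the Limitations slide concrete: three merged user identities already cost over 2 KB of RESV payload, while a network identity costs a few bytes, at the price of losing per-user accountability unless policy was checked at the merge point.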