IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.aaaarch.org RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht RFC 2903, 2904, 2905, 2906, 3334

Contents of this talk
This space is intentionally left blank
Except for: EU IST

History & Charter
- Authorization subgroup of AAA-WG
- Commonality in authorization space
- Tie in policy from all WGs
- IRTF-RG chartered in Dec 1999
This RG will work to define a next generation AAA architecture that incorporates a set of interconnected "generic" AAA servers and an application interface that allows Application Specific Modules access to AAA functions.

From charter
The architecture's focus is to support AAA services that:
- can inter-operate across organizational boundaries
- are extensible yet common across a wide variety of Internet services
- enable a concept of an AAA transaction spanning many stakeholders
- provide application independent session management mechanisms
- contain strong security mechanisms that can be tuned to local policies
- are scalable to the size of the global Internet

Basic AAA
Service perspective:
- Who is it who wants to use my resource
  - Establish security context
- Do I allow him to access my resource
  - Create a capability / ticket / authorization
- Can I track the usage of the resource
  - Based on type of request (policy), track the usage
User perspective:
- Where do I find this or that service
- What am I allowed to do
- What do I need to do to get authorization
- What does it cost
Intermediaries perspective:
- Service creation
- Brokerage / portals
Organizational perspective:
- What do I allow my people to do
- Contractual relationships (SLAs)

Multi Kingdom Problem
(figure: the path from Physics-UU to IPP-FZJ crosses 7 kingdoms; figure annotations: USA line, 3 ms, Jülich 17 ms, 2.5 ms)
- Netherlands
  - Physics dept
  - Campus net
  - SURFnet
- Europe
  - TEN 155
- Germany
  - WINS/DFN
  - Juelich, Campus
  - Plasma Physics dept

The need for AAA
(figure: an End user reaches a Remote service across Kingdom N and Kingdom N+1; each kingdom has its own BB, AAA and management boxes; question marks sit on the inter-kingdom AAA and management relations and a $$$ label marks the paid service)

Roles
(figure: GEANT/DANTE at the top; below it the national research networks SURFnet, DFN, SWITCH and REDIRIS, each serving many USERs; one user attaches through a UNI)

Authorization Models
Three sequences (as in RFC 2904) between the USER, the User Home Organization (UHO) AAA server, the service provider's AAA server and the Service:
- AGENT: the user sends the request to the provider's AAA server, which has the UHO authenticate the user, takes the authorization decision and itself instructs the service; the user does not talk to the service to get authorized.
- PULL: the user sends the request to the service, which pulls the authorization decision from the provider's AAA server (which in turn consults the UHO).
- PUSH: the user first obtains an authorization (a ticket) from the AAA server and then pushes it to the service, which verifies the ticket it was handed instead of contacting the AAA server at request time.
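The three sequences as a message-flow simulation. This is an added example and not code from the AAAARCH slides or RFCs: the party names, the HMAC-based ticket used in the PUSH case, the shared keys, the user table and the bandwidth cap applied as "provider policy" are all assumptions made so the flows can be run and compared. In the PUSH case the service verifies the ticket with a key it shares with the provider's AAA server, which is what lets it stay offline from AAA; the `tamper` flag shows why the ticket has to be integrity-protected.

```python
"""Message-flow simulation of the three RFC 2904 authorization sequences (agent,
pull, push) between a USER, the user's home organisation (UHO) AAA server, the
service provider's AAA server and the service itself. Added example, not code
from the AAAARCH slides; the party names, the HMAC ticket format, the shared
keys, the user table and the bandwidth policy are assumptions."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

UHO_USERS = {"person1": "1#fdjkj9#esn34k"}           # constructed: credential ID -> key
AAA_SERVICE_KEY = b"assumed key shared by provider AAA and service"
MAX_BANDWIDTH = 1000                                 # assumed provider policy, Mbit/s


@dataclass
class Msg:
    src: str
    dst: str
    kind: str
    body: dict = field(default_factory=dict)


def uho_authenticate(cred_id, key):
    """UHO AAA server: authenticates its own user (the roaming case of RFC 2904)."""
    return hmac.compare_digest(UHO_USERS.get(cred_id, ""), key)


def provider_authorize(trace, cred_id, key, req):
    """Provider AAA server: has the UHO authenticate the user, then applies local policy."""
    trace.append(Msg("provider_aaa", "uho_aaa", "auth_request", {"id": cred_id}))
    ok = uho_authenticate(cred_id, key)
    trace.append(Msg("uho_aaa", "provider_aaa", "auth_reply", {"ok": ok}))
    return ok and req["bandwidth"] <= MAX_BANDWIDTH


def make_ticket(req):
    """PUSH only: AAA authenticates the authorized request so the service can verify it alone."""
    payload = json.dumps(req, sort_keys=True)
    tag = hmac.new(AAA_SERVICE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_ticket(ticket):
    expected = hmac.new(AAA_SERVICE_KEY, ticket["payload"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, ticket["tag"])


def agent_sequence(cred_id, key, req):
    """AGENT: the user talks only to the provider AAA server, which configures the service."""
    t = [Msg("user", "provider_aaa", "request", req)]
    ok = provider_authorize(t, cred_id, key, req)
    if ok:
        t.append(Msg("provider_aaa", "service", "configure", req))
        t.append(Msg("service", "provider_aaa", "configured"))
    t.append(Msg("provider_aaa", "user", "reply", {"ok": ok}))
    return ok, t


def pull_sequence(cred_id, key, req):
    """PULL: the user talks to the service, which pulls the decision from the AAA server."""
    t = [Msg("user", "service", "request", {"id": cred_id, "key": key, **req})]
    t.append(Msg("service", "provider_aaa", "authz_request", req))
    ok = provider_authorize(t, cred_id, key, req)
    t.append(Msg("provider_aaa", "service", "authz_reply", {"ok": ok}))
    t.append(Msg("service", "user", "reply", {"ok": ok}))
    return ok, t


def push_sequence(cred_id, key, req, tamper=False):
    """PUSH: the user obtains a ticket from AAA and pushes it to the service; `tamper`
    models the user raising the bandwidth inside the ticket before presenting it."""
    t = [Msg("user", "provider_aaa", "ticket_request", req)]
    ok = provider_authorize(t, cred_id, key, req)
    if not ok:
        t.append(Msg("provider_aaa", "user", "ticket_denied"))
        return False, t
    ticket = make_ticket(req)
    t.append(Msg("provider_aaa", "user", "ticket", ticket))
    if tamper:
        edited = dict(json.loads(ticket["payload"]), bandwidth=9 * req["bandwidth"])
        ticket = {"payload": json.dumps(edited, sort_keys=True), "tag": ticket["tag"]}
    t.append(Msg("user", "service", "request", {"ticket": ticket}))
    granted = verify_ticket(ticket)                  # the service never contacts AAA in PUSH
    t.append(Msg("service", "user", "reply", {"ok": granted}))
    return granted, t


def hops(trace):
    """Compact view of a trace: ['user->provider_aaa:request', ...]."""
    return [f"{m.src}->{m.dst}:{m.kind}" for m in trace]
```

Comparing `hops()` of the three traces shows the difference the slide draws: in AGENT and PULL the service's access decision is taken at request time by the AAA server, while in PUSH the decision is carried by the user and the service only has to check the ticket's tag.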

Generic AAA server
(figure: a Rule based engine with its Policy Data and an API, Application Specific Module(s) with their own Policy Data, the attached Service, and an Accounting / Metering block that writes Acct Data; the PDP and PEP roles are marked and numbered arrows 3, 4, 4', 5 trace the message flow from the Starting point)

Multi domain case

Example BoD request
(request markup lost in extraction; surviving field values: person1, 1#fdjkj9#esn34k, now, 3600)

Example of BoD driving Policy

    if ( ASM::Authorizer.authorize( Request::AuthorizationData.Credential.ID,
                                    Request::AuthorizationData.Credential.Key ) )
    then (
        ASM::RM.BoD( Request::ServiceData.SwitchData.Source,
                     Request::ServiceData.SwitchData.Destination,
                     Request::ServiceData.SwitchData.Bandwidth,
                     Request::ServiceData.SwitchData.StartTime,
                     Request::ServiceData.SwitchData.Duration ) ;
        Reply::Answer.Message = "Request successful"
    )
    else (
        Reply::Error.Message = "Request failed"
    )
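The policy above is data, not code: the rule based engine of the generic AAA server reads it, resolves the Request:: paths against the incoming request, hands every ASM:: call to a pluggable Application Specific Module and writes the Reply:: fields. The following is an added example of such an engine and is not AAAARCH code; the reader grammar, the two ASMs (an Authorizer with a constructed credential table and a bandwidth-on-demand resource manager with a fixed link capacity), the convention that a failing ASM call becomes a Reply::Error, and the request values are all assumptions.

```python
import hmac
import re
from itertools import groupby

# Added example, not AAAARCH code: the grammar, the ASM callables, the link capacity
# and the request values are assumptions. A token: "string", identifier/path or operator.
TOKEN = re.compile(r'\s*(?:("(?:[^"\\]|\\.)*")|([A-Za-z_][\w:.]*)|([(),;=]))')


def read(src):
    """Lisp-style reader: ('str'|'id'|'op', value) tokens, each ( ) group nested as a list."""
    pos, src, stack = 0, src.strip(), [[]]
    while pos < len(src):
        m = TOKEN.match(src, pos)
        if not m:
            raise SyntaxError(f"unexpected input at {pos}: {src[pos:pos + 10]!r}")
        pos, (string, ident, op) = m.end(), m.groups()
        if op == "(":
            stack.append([])
        elif op == ")":
            stack[-2].append(stack.pop())              # IndexError here means a stray ')'
        else:
            stack[-1].append(("str", string[1:-1]) if string else ("id", ident) if ident else ("op", op))
    (program,) = stack                                 # ValueError here means an unclosed '('
    return program


def split(items, sep):                                 # token list -> sub-lists between `sep` operators
    return [list(g) for is_sep, g in groupby(items, lambda t: t == ("op", sep)) if not is_sep]


class RuleBasedEngine:                                 # the PDP: policy + request in, Reply out
    def __init__(self, asms):
        self.asms = asms                               # 'Module.function' -> ASM callable

    def run(self, policy, request):
        self.request, self.reply = request, {}
        program = read(policy)                         # syntax errors propagate to the caller
        try:
            self.exec_block(program)
        except Exception as e:                         # assumed: a failing ASM call -> Reply::Error
            self.reply["Error"] = {"Message": f"ASM failure: {e}"}
        return self.reply

    def exec_block(self, items):
        for stmt in split(items, ";"):
            if stmt[0] == ("id", "if"):                # if ( cond ) then ( ... ) [ else ( ... ) ]
                self.exec_block(stmt[3] if self.eval(stmt[1]) else stmt[5] if len(stmt) > 5 else [])
            elif len(stmt) == 3 and stmt[1] == ("op", "="):      # Reply::A.B = expr
                parent, leaf = self.walk(stmt[0][1], create=True)
                parent[leaf] = self.eval(stmt[2:])
            else:
                self.eval(stmt)

    def eval(self, expr):                              # [('str', s)] | [('id', path)] | [('id', 'ASM::M.f'), [args]]
        if len(expr) == 2 and isinstance(expr[1], list):
            asm = self.asms[expr[0][1].partition("::")[2]]
            return asm(*[self.eval(arg) for arg in split(expr[1], ",")])
        (kind, val), = expr
        if kind == "str":
            return val
        parent, leaf = self.walk(val)
        return parent[leaf]

    def walk(self, path, create=False):                # 'Request::A.B.C' -> (parent dict, 'C')
        ns, _, rest = path.partition("::")
        node, *parts, leaf = {"Request": self.request, "Reply": self.reply}[ns], *rest.split(".")
        for part in parts:
            node = node.setdefault(part, {}) if create else node[part]
        return node, leaf


CREDENTIALS = {"person1": "1#fdjkj9#esn34k"}           # constructed; a real ASM asks the UHO AAA server

def authorize(cred_id, key):                           # Authorizer ASM
    return hmac.compare_digest(CREDENTIALS.get(cred_id, ""), key)


class ResourceManager:                                 # RM ASM: one link of `capacity` Mbit/s
    def __init__(self, capacity=1000):
        self.capacity, self.reserved = capacity, []

    def BoD(self, src, dst, bandwidth, start, duration):
        if sum(r[2] for r in self.reserved) + bandwidth > self.capacity:
            raise RuntimeError(f"insufficient bandwidth for {bandwidth} Mbit/s")
        self.reserved.append((src, dst, bandwidth, start, duration))
        return len(self.reserved)                      # reservation handle


POLICY = """
if ( ASM::Authorizer.authorize( Request::AuthorizationData.Credential.ID,
                                Request::AuthorizationData.Credential.Key ) )
then ( ASM::RM.BoD( Request::ServiceData.SwitchData.Source, Request::ServiceData.SwitchData.Destination,
                    Request::ServiceData.SwitchData.Bandwidth, Request::ServiceData.SwitchData.StartTime,
                    Request::ServiceData.SwitchData.Duration ) ;
       Reply::Answer.Message = "Request successful" )
else ( Reply::Error.Message = "Request failed" )
"""


def bod_request(cred_id, key, bandwidth):              # constructed request shaped like Request::
    return {"AuthorizationData": {"Credential": {"ID": cred_id, "Key": key}},
            "ServiceData": {"SwitchData": {"Source": "Physics-UU", "Destination": "IPP-FZJ",
                                           "Bandwidth": bandwidth, "StartTime": "now", "Duration": 3600}}}


def handle(request, rm):                               # one AAA transaction with both ASMs plugged in
    return RuleBasedEngine({"Authorizer.authorize": authorize, "RM.BoD": rm.BoD}).run(POLICY, request)
```

Two points worth noticing when running it: the engine never sees credentials or link state itself, only the ASMs do, so swapping the Authorizer for one that queries the user's home organization changes nothing in the policy; and because the policy has no branch for a failing ASM::RM.BoD call, the engine's own convention for ASM failures decides what the user gets back, which is exactly the kind of behaviour a policy author needs spelled out.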

Charter - research items
- develop generic AAA model by specifically including Authentication and Accounting: UNDERWAY
- develop auditability framework specification that allows the AAA system functions to be checked in a multi-organization environment: NJET
- develop a model for management of a "mesh" of interconnected AAA Servers: NJET
- describe interdomain issues using generic model: NJET
- define in a high level and abstract way the interfaces between the different components in the architecture: UNDERWAY
- define distributed AAA related policy framework: ON THE TABLE
- develop an accounting model that allows authorization to define the type of accounting processing required for each session: ON THE TABLE
- implement a simulation model that allows experimentation with the proposed architecture: UNDERWAY
- work with RAP-WG to develop an Authentication Information management model: ON THE TABLE
- work with GRID-Forum to align the security and AAA architectural ideas: UNDERWAY √

Research Group - info
Research Group Name: AAAARCH - RG
Chair(s):
- John Vollbrecht
- Cees de Laat
Web page: (address not preserved in this transcript)
Mailing list(s):
- For subscription to the mailing list, send a message with content "subscribe aaaarch end" (list address not preserved in this transcript)
- The list will be archived; retrieval with frames and in plain ASCII: ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current