Presentation is loading. Please wait.

Presentation is loading. Please wait.

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.aaaarch.org RFC 2903, 2904, 2905,

Published byJulie Marilyn Murphy Modified over 8 years ago

Similar presentations

Presentation on theme: "IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.aaaarch.org RFC 2903, 2904, 2905,"— Presentation transcript:

1 IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.aaaarch.org RFC 2903, 2904, 2905, 2906, 3334

2 Contents of this talk This space is intentionally left blank Except for: EU IST-2001-32459

3 History & Charter Authorization subgroup of AAA-WG Commonality in authorization space Tie in policy from all WG's IRTF-RG chartered in Dec 1999 This RG will work to define a next generation AAA architecture that incorporates a set of interconnected "generic" AAA servers and an application interface that allows Application Specific Modules access to AAA functions.

4 From charter The architecture's focus is to support AAA services that: can inter-operate across organizational boundaries are extensible yet common across a wide variety of Internet services enables a concept of an AAA transaction spanning many stakeholders provides application independent session management mechanisms contains strong security mechanisms that be tuned to local policies is a scalable to the size of the global Internet

5 Basic AAA Service perspective: –Who is it who wants to use my resource »Establish security context –Do I allow him to access my resource »Create a capability / ticket /authorization –Can I track the usage of the resource »Based on type of request (policy) track the usage User perspective –Where do I find this or that service –What am I allowed to do –What do I need to do to get authorization –What does it cost Intermediaries perspective –Service creation –Brokerage / portals Organizational perspective –What do I allow my people to do –Contractual relationships (SLA’s)

6 Physics-UU to IPP-FZJ => 7 kingdoms –Netherlands »Physics dept »Campus net »SURFnet –Europe »TEN 155 –Germany »WINS/DFN »Juelich, Campus »Plasma Physics dept Multi Kingdom Problem USA line 3 ms Jülich 17 ms 2.5 ms

7 The need for AAA End user RRRR Remote service management Kingdom NKingdom N+1 BB AAA BB management ? AAA $$$

8 Roles GEANT/DANTE SURFnetDFN SWITCH REDIRIS USERUSER USERUSER USERUSER USERUSER UNI USERUSER USERUSER USERUSER USERUSER USERUSER USERUSER USERUSER USERUSER

9 USERUSER UHO AAA Provider AAA Service 1 4 3 2 5 3 Authorization Models AGENT USERUSER UHO AAA Provider AAA Service 1 4 2 3 5 4 1 PULL USERUSER UHO AAA Provider AAA Service 1 4 5 4 2 3 PUSH

10 Generic AAA server Rule based engine Application Specific Module Policy Data 2 11 3 Service 5 Starting point PDP PEP 4 Accounting Metering 3 4’ 5 Acct Data API Policy Data 3

11 Multi domain case

12 Example BoD request - person1 1#fdjkj9#esn34k 100.10.20.30 110.1.2.3 2500 now 3600

13 Example of BoD driving Policy if ( ASM::Authorizer.authorize( Request::AuthorizationData.Credential.ID, Request::AuthorizationData.Credential.Key ) then ( ASM::RM.BoD( Request::ServiceData.SwitchData.Source, Request::ServiceData.SwitchData.Destination, Request::ServiceData.SwitchData.Bandwidth, Request::ServiceData.SwitchData.StartTime, Request::ServiceData.SwitchData.Duration ) ; Reply::Answer.Message = "Request successful" ) else ( Reply::Error.Message = "Request failed" )

14 Charter - research items develop generic AAA model by specifically including Authentication and Accounting UNDERWAY develop auditability framework specification that allows the AAA system functions to be checked in a multi-organization environment NJET develop a model for management of a "mesh" of interconnected AAA Servers NJET describe interdomain issues using generic model NJET define in a high level and abstract way the interfaces between the different components in the architecture UNDERWAY define distributed AAA related policy framework ON THE TABLE develop an accounting model that allows authorization to define the type of accounting processing required for each session ON THE TABLE implement a simulation model that allows experimentation with the proposed architecture UNDERWAY work with RAP-WG to develop an Authentication Information management model ON THE TABLE work with GRID-Forum to align the security and AAA architectural ideas UNDERWAY √

15 Research Group - info Research Group Name: AAAARCH - RG Chair(s) –John Vollbrecht -- jrv@interlinknetworks.com –Cees de Laat -- delaat@science.uva.nl Web page –www.irtf.org –www.aaaarch.org Mailing list(s) –aaaarch@fokus.gmd.de –For subscription to the mailing list, send e-mail to majordomo@fokus.gmd.de with content of message subscribe aaaarch end –will be archived, retrieval with frames and in plain ascii: »http://www.fokus.gmd.de/glone/research/aaaarch/ »http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current »ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current

16

Download ppt "IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.aaaarch.org RFC 2903, 2904, 2905,"

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
SIP and Instant Messaging. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.

SIP and Instant Messaging. SIP Summit SIP and Instant Messaging What Does Presence Have to Do With SIP? How to Deliver.
www.dynamicsoft.com IM 2000 -- May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.

IM May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
www.dynamicsoft.com VON Europe 2000 -- 06/19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.

VON Europe /19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.
AAA Architecture Use of a AAA Server Application Specification to Support Generic AAA Applications Across a Mesh of Interconnected AAA Servers With Policy.

AAA Architecture Use of a AAA Server Application Specification to Support Generic AAA Applications Across a Mesh of Interconnected AAA Servers With Policy.
Protocol carrying Authentication for Network Access (PANA) Subir Das/Basavaraj Patil Telcordia Technologies Inc./Nokia 12/14/2001.

Protocol carrying Authentication for Network Access (PANA) Subir Das/Basavaraj Patil Telcordia Technologies Inc./Nokia 12/14/2001.
ICN RG Proposed Charter IETF–81 July 2011 Börje Ohlman & Dirk Kutscher.

ICN RG Proposed Charter IETF–81 July 2011 Börje Ohlman & Dirk Kutscher.
Web Services Architecture An interoperability architecture for the World Wide Service Network.

Web Services Architecture An interoperability architecture for the World Wide Service Network.
TF-NGN AAA research Cees de Laat 1 of 10 Utrecht University.

TF-NGN AAA research Cees de Laat 1 of 10 Utrecht University.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Multi-Mode Survey Management An Approach to Addressing its Challenges

Multi-Mode Survey Management An Approach to Addressing its Challenges
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat www.aaaarch.org RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat RFC 2903, 2904, 2905,
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.aaaarch.org RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht RFC 2903, 2904, 2905,
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat www.aaaarch.org RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat RFC 2903, 2904, 2905,
Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.

Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.
User-Level Performance Monitoring Programme Cees de Laat Hans Blom 1 of 6 Utrecht University.

User-Level Performance Monitoring Programme Cees de Laat Hans Blom 1 of 6 Utrecht University.
Securing the Broker Pattern Patrick Morrison 12/08/2005.

Securing the Broker Pattern Patrick Morrison 12/08/2005.
Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV 16-22 Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.

Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.
6/1/2015Ch.31 Defining Enterprise Architecture Bina Ramamurthy.

6/1/2015Ch.31 Defining Enterprise Architecture Bina Ramamurthy.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

Similar presentations

Ads by Google