COPS: Common Open Policy Service Protocol
IETF RFC 2748 (COPS), RFC 2749 (COPS usage for RSVP), RFC 2753 (framework for policy-based admission control), RFC 3084 (COPS-PR, policy provisioning)
Diana Rawlins, WorldCom
16 May 2001, Diana Rawlins, WorldCom

Slide 2: COPS-PR features
- Straightforward and reliable
- Enforces an authoritative source of provisioning management
- Operational integrity
- Rich set of atomic transaction capabilities
- Usage feedback
- Efficient, flexible and extensible

Slide 3: IETF policy framework
[Figure: a directory (DIR) holds the policy; PDPs retrieve it over LDAP; each PDP serves its PEPs over COPS.]

Slide 4: Straightforward and reliable
- Straightforward: compact and flexible object-oriented operation set
- Reliable: persistent TCP-based connection (TCP port 3288) between PEP and PDP
[Figure: PEP-PDP message exchanges. Connection setup: the PEP sends Client-Open carrying its client type and the PDP answers with Client-Accept. Policy operations: the PEP sends Request, the PDP returns Decision, and the PEP reports the outcome with Report.]

Slide 5: Authoritative provisioning source
- A PEP is restricted to one connection per client type
- A single point of provisioning enforces access control to device policies
- Know who is doing what

Slide 6: Integrity
- COPS Message Integrity object
- Keyed-digest (HMAC-MD5) authentication of each message
- Sequence numbers prevent replay attacks
- Work on running COPS over TLS is under way (later published as RFC 4261)
Caveat: the Integrity object authenticates and integrity-protects each message but does not encrypt it; policy contents travel in the clear unless the connection is protected by TLS.

Slide 7: Rich transaction set
- Multiple interdependent policies described efficiently in a single Decision operation
- A Decision operation contains 1 to n policy instances
- Policy instances are constructed using
  – a single row (a series of columnar attributes)
  – inter-table row relationships
- Atomic transaction: all succeed or all fail
  – rollback to the previous state
- Efficient use of resources

Slide 8: Policy usage feedback
- Deterministic feedback of policy usage
  – periodic or solicited
- Installed policies define the monitoring characteristics and the reporting intervals
- Feedback is supplied in the Report operation
  – Report-Type Success / Failure
  – Report-Type Accounting provides the policy usage feedback
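
The PEP-PDP exchange of slide 4, the Integrity object of slide 6 and the Report-Type values of slide 8 together, as an added example that is not part of the presentation and not code from any COPS implementation: it frames a COPS Report State message per RFC 2748 (common header, Report-Type object, trailing HMAC-MD5 Message Integrity object) and verifies it on the receiving side, rejecting a replayed copy by its sequence number and a modified copy by its digest. The Key ID, sequence number, shared key and client type are constructed values.

```python
"""COPS (RFC 2748) message framing with the Message Integrity object.

Added example, not code from the presentation or from any COPS implementation.
Constructed values: Key ID 7, sequence number 101, the shared key, and
the RSVP client type used purely as a sample.
"""
import hashlib
import hmac
import struct

COPS_VERSION = 1
OP_REQ, OP_DEC, OP_RPT = 1, 2, 3           # RFC 2748 op codes used here
CNUM_REPORT_TYPE, CNUM_INTEGRITY = 12, 16  # RFC 2748 C-Num values
CTYPE_HMAC_MD5 = 1                         # Integrity object C-Type
REPORT_SUCCESS, REPORT_FAILURE, REPORT_ACCOUNTING = 1, 2, 3
DIGEST_LEN = 16                            # HMAC-MD5 output, octets
CLIENT_TYPE_RSVP = 1                       # RFC 2749 client type, used as a sample


def cops_object(c_num, c_type, body):
    """Encode one COPS object: 16-bit Length (header plus padded body), C-Num, C-Type."""
    body += b"\x00" * ((-len(body)) % 4)   # contents are padded to a 4-octet boundary
    return struct.pack("!HBB", 4 + len(body), c_num, c_type) + body


def report_type_object(report_type):
    """Report-Type object (C-Num 12, C-Type 1): 16-bit type followed by 16 reserved bits."""
    return cops_object(CNUM_REPORT_TYPE, 1, struct.pack("!HH", report_type, 0))


def build_message(op_code, client_type, objects, key_id, seq, key, solicited=False):
    """Frame a COPS message and append an HMAC-MD5 Integrity object as the last object.

    The digest covers everything from the common header through the Integrity
    object's Key ID and Sequence Number; the 16 digest octets follow it."""
    body = b"".join(objects)
    integrity_len = 4 + 4 + 4 + DIGEST_LEN  # object header, Key ID, Sequence Number, digest
    length = 8 + len(body) + integrity_len
    flags = 0x1 if solicited else 0x0       # 0x1 is the solicited-message flag
    header = struct.pack("!BBHI", (COPS_VERSION << 4) | flags, op_code, client_type, length)
    signed = header + body + struct.pack("!HBBII", integrity_len, CNUM_INTEGRITY,
                                         CTYPE_HMAC_MD5, key_id, seq)
    return signed + hmac.new(key, signed, hashlib.md5).digest()


def parse_message(data):
    """Split a COPS message into header fields and a list of (c_num, c_type, body) objects."""
    ver_flags, op_code, client_type, length = struct.unpack("!BBHI", data[:8])
    if ver_flags >> 4 != COPS_VERSION or length != len(data) or length % 4:
        raise ValueError("bad COPS common header")
    objects, offset = [], 8
    while offset < length:
        obj_len, c_num, c_type = struct.unpack("!HBB", data[offset:offset + 4])
        if obj_len < 4 or offset + obj_len > length:
            raise ValueError("bad object length")  # truncated or overlong object
        objects.append((c_num, c_type, data[offset + 4:offset + obj_len]))
        offset += obj_len
    return {"op": op_code, "flags": ver_flags & 0xF, "client_type": client_type, "objects": objects}


class IntegrityVerifier:
    """Receiver state: shared keys by Key ID and the last sequence number accepted per Key ID."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.last_seq = {}

    def verify(self, data):
        """Authenticate a message; return its parsed form with the Integrity object stripped."""
        msg = parse_message(data)
        if not msg["objects"]:
            raise ValueError("no objects")
        c_num, c_type, body = msg["objects"][-1]         # Integrity MUST be the last object
        if (c_num, c_type) != (CNUM_INTEGRITY, CTYPE_HMAC_MD5) or len(body) != 8 + DIGEST_LEN:
            raise ValueError("missing or malformed HMAC-MD5 Integrity object")
        key_id, seq = struct.unpack("!II", body[:8])
        key = self.keys.get(key_id)
        if key is None:
            raise ValueError("unknown Key ID %d" % key_id)
        expected = hmac.new(key, data[:-DIGEST_LEN], hashlib.md5).digest()
        if not hmac.compare_digest(expected, body[8:]):
            raise ValueError("digest mismatch: message forged or modified in transit")
        if seq <= self.last_seq.get(key_id, -1):          # replay or reordering: reject
            raise ValueError("replay: sequence number %d not greater than last accepted" % seq)
        self.last_seq[key_id] = seq
        msg["objects"] = msg["objects"][:-1]
        return msg


def demo():
    """PEP sends an accounting Report; the PDP accepts it once, then rejects a replay and a tampered copy."""
    key = b"constructed-shared-secret"  # constructed; real keys are provisioned out of band
    pdp = IntegrityVerifier({7: key})
    rpt = build_message(OP_RPT, CLIENT_TYPE_RSVP, [report_type_object(REPORT_ACCOUNTING)],
                        key_id=7, seq=101, key=key)
    accepted = pdp.verify(rpt)
    tampered = rpt[:13] + bytes([rpt[13] ^ 0x01]) + rpt[14:]  # flips Report-Type Accounting to Failure
    outcomes = {}
    for name, wire in (("replay", rpt), ("tampered", tampered)):
        try:
            pdp.verify(wire)
            outcomes[name] = "accepted"
        except ValueError as exc:
            outcomes[name] = str(exc).split(":")[0]
    return accepted, outcomes
```

Note that the sequence check is per Key ID and one-directional: each side keeps its own counter for what it sends and tracks only what it has accepted from the peer, so a message captured on the wire cannot be fed back to either party once a later message has been accepted.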

Slide 9: Flexible and extensible
- Multiple capabilities within the Decision operation
  – policy installation
  – policy removal: a single instance, a wildcard per class, or the entire policy state associated with a request
  – context switching: switch potentially large policy sets with a compact, concise instruction
- Client Specific Information object (ClientSI)
  – carries the objects defined for new client types
- Supports Policy Information Base (PIB) extensions and deprecations
  – subject categories distinguish the types of policy

Slide 10: Failover
- The PEP uses cached policies for adjudication
  – for a configured time period
- Upon re-establishment of the connection, the PDP may issue a Synchronize State Request (SSQ) message
  – it solicits the PEP's cached policy state and synchronizes with it
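
The atomic Decision of slide 7 (several interdependent instances, all succeed or all fail, rollback), the per-class wildcard removal of slide 9 and the failover behaviour of slide 10, as one added example that is not part of the presentation and not code from any COPS-PR implementation. It models a PEP's installed policy state: a Decision is validated instance by instance against the evolving state and rolled back on the first failure, cached policy is honoured after connection loss only within a configured period, and a reconnect answers the PDP's Synchronize State Request with what the PEP still holds. The PRID names, the PIB-style attribute rules and the timer values are constructed.

```python
"""PEP policy state for COPS-PR: atomic Decision install and failover cache.

Added example, not code from the presentation or any COPS-PR implementation.
PRID names (qosPhb.N, qosIfDscpAssign.N), the validation rules and the
cache lifetime are constructed for illustration.
"""
import time


class PolicyError(Exception):
    pass


def validate_instance(prid, attrs, state):
    """Constructed PIB-style rules: a DSCP assignment must carry a legal DSCP and
    must reference a PHB row that already exists in the state being built."""
    if prid.startswith("qosIfDscpAssign."):
        if not 0 <= attrs.get("dscp", -1) <= 63:
            raise PolicyError("%s: DSCP out of range" % prid)
        if attrs.get("phb") not in state:
            raise PolicyError("%s: dangling reference to %s" % (prid, attrs.get("phb")))


class PepPolicyStore:
    def __init__(self, validator, cache_lifetime_s, clock=time.monotonic):
        self.validator = validator
        self.cache_lifetime_s = cache_lifetime_s  # how long cached policy stays usable without a PDP
        self.clock = clock
        self.policy = {}                          # PRID -> attribute dict: the installed state
        self.connected = True
        self.disconnected_at = None

    def apply_decision(self, install=(), remove=()):
        """Apply one Decision atomically: removals first, then installs, each
        validated against the evolving state; any failure restores the snapshot."""
        snapshot = {prid: dict(a) for prid, a in self.policy.items()}
        try:
            for target in remove:
                # an exact PRID removes one instance; a class PRID wildcards every instance of the class
                victims = [p for p in self.policy if p == target or p.startswith(target + ".")]
                if not victims:
                    raise PolicyError("remove: no instance matches %s" % target)
                for p in victims:
                    del self.policy[p]
            for prid, attrs in install:
                self.validator(prid, attrs, self.policy)
                self.policy[prid] = dict(attrs)
        except PolicyError:
            self.policy = snapshot                # rollback: all succeed or all fail
            raise
        return sorted(self.policy)

    def connection_lost(self):
        self.connected = False
        self.disconnected_at = self.clock()

    def lookup(self, prid):
        """Adjudicate locally.  While disconnected the cache is honoured only within
        cache_lifetime_s; after that the PEP drops it rather than apply stale policy."""
        if not self.connected and self.clock() - self.disconnected_at > self.cache_lifetime_s:
            self.policy.clear()
            raise PolicyError("cached policy expired and no PDP connection")
        return self.policy.get(prid)

    def synchronize_state(self):
        """Reconnected: answer the PDP's SSQ with what the PEP still holds so the PDP
        can re-issue Decisions for anything that changed while it was unreachable."""
        self.connected, self.disconnected_at = True, None
        return sorted(self.policy.items())


def demo():
    now = [0.0]                                   # constructed clock, seconds
    pep = PepPolicyStore(validate_instance, cache_lifetime_s=60, clock=lambda: now[0])
    # one Decision with two interdependent instances: the PHB row, then the row that references it
    pep.apply_decision(install=[("qosPhb.1", {"name": "EF"}),
                                ("qosIfDscpAssign.1", {"dscp": 46, "phb": "qosPhb.1"})])
    # a later Decision fails on its second instance; its first instance must not survive either
    try:
        pep.apply_decision(install=[("qosPhb.2", {"name": "AF11"}),
                                    ("qosIfDscpAssign.2", {"dscp": 70, "phb": "qosPhb.2"})])
    except PolicyError:
        pass
    after_rollback = sorted(pep.policy)
    pep.connection_lost()                         # t = 0
    now[0] = 30.0
    within_cache = pep.lookup("qosIfDscpAssign.1")  # still inside the 60 s cache period
    now[0] = 45.0
    synced = pep.synchronize_state()              # PDP reconnects and sends SSQ
    pep.connection_lost()                         # t = 45
    now[0] = 120.0
    try:
        pep.lookup("qosIfDscpAssign.1")           # 75 s without a PDP: cache expired
        expired = False
    except PolicyError:
        expired = True
    return after_rollback, within_cache, synced, expired
```

The design point is that the validator sees the state as the Decision builds it, which is what lets a single Decision carry a row and another row that references it (the inter-table relationship of slide 7) while still refusing a row whose reference would dangle.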

Slide 11: Wrap-up
- COPS supports a rich set of both static and dynamic policies
- It is efficient with network, computing and engineering development resources
- It permits the focus to be on constructing and maintaining network policy