Operating Framework of Connection Networks OGF/NSI Working Group Chicago Oct. 10, 2012 John Vollbrecht & Leon Gommans University of Amsterdam.



Quick Introduction
This presentation is intended to help provide a basis for defining AA requirements for NSI
We would like feedback about whether this helps promote NSI AA and what could be improved or explained better
This presentation uses the Network Provider Group [NPG] Framework to describe the organization of a group of provider networks collaborating to create connections between edge points of the networks
NPG is an instance of the Service Provider Group [SPG] Framework, which has been developed by examining services provided by groups of autonomous organizations
The NPG Framework describes how a group of network organizations can collaborate to provide connections between edge points

Network Provider Group Basics
NPG is a group of network providers organized to offer connections to users
NPG has two dimensions
  – User view
  – Provider view
Three functional levels + oversight
  – Enterprise (managerial)
  – Policy
  – Operational

NPG Dimensions
User view
  – User gets connection from NPG
Provider view
  – Includes provider nets, service providers such as topology, pathfinding, monitoring.
Policy

NPG User Dimension

NPG Provider View
NPG is overlay on set of Providers
NPG coordinates agents to provide service
Provider org may be part of more than one NPG
Mapping to NSI terms
  – Admin – provider org
  – Policy – NSA
  – NOC – NRM
Actions may be human or automated or combination

NPG Provider Dimension Mapping to NSI
[Diagram: NSI Framework. Box labels: Conn. Service, Topology Service, Discover Service, Monitor Service, NSA, NRM, CS State Mach., TS State Mach., MS State Mach., TSDB, NPG Service, NPG State Mach, NPG Policies]
Modified from Inder’s slides from Delft
Blue boxes show NPG services – Green services coordinated by NPG

NPG Levels
Enterprise level - management
  – Defines, builds and monitors business architecture of collaborating providers
  – Includes managers of each network and service providers as well as NPG manager
  – Each enterprise actor reports to the principal of its organization
Policy level – NSA level
  – Executes policy using infrastructure and rules defined at Enterprise level
  – Monitors Policy level for compliance with Enterprise rules
  – Each policy actor reports to its enterprise owner
  – Policy actors specify connections to participating operation level
Operation control level – NRM level
  – Provides connection specified by Policy level using infrastructure defined by Enterprise Level
  – Operates using infrastructure and rules defined at Enterprise level
  – Instantiates Connections specified by Policy level
  – Monitors and reports on connection compliance with policy and enterprise rules

NPG Assumptions
Provider preconditions
  – A set of interconnected networks - potential provider networks
  – Each provider net has an operation level NOC/NRM
  – Each provider network has a Policy Agent / NSA
  – Each network has a business manager agent at enterprise level
Organization of NPG
  – NPG coordinates a group of networks and service providers
  – Each organization, including NPG, has a principal and associated Directorate which is accountable for its activities
  – NPG has agents that enable and monitor functions at all levels
  – Service providers [e.g. topology server] are used by NPG to enable NPG functions

Principal/Directorate and Accountability
1. Every organization has a principal that is accountable to other principals
  – The Principal may have a “Directorate” that acts at an executive level for the Principal
2. A principal may act alone, or may have an organization to whom it delegates functional responsibility
3. Principals of organizations are ultimately responsible for defining and executing policy and are accountable for the results of policy.
4. Principals of organizations participating in an NPG delegate authority to enterprise agents, who in turn delegate some of their authority to policy and operation agents
5. When acting for a principal, an agent must demonstrate that it has been delegated the authority from the principal.
  – Principal is the head of the authority chain for the organization
6. NPG Agents report on performance of functional activity so that Principal can take corrective action as needed

Multiple Networks and Multiple NPGs
NPGs can be created using the same Provider networks
Having a number of networks with standard agents means they are able to join different NPGs as appropriate

NPG Principal/Directorate
An NPG Principal is created when an NPG is created
An NPG Principal is ultimately accountable for commitments the NPG makes to users and for enforcing agreements among members
NPG Principal could be a corporation operating the way MasterCard and Visa coordinate CC services for banks
Could be an executive group formed by a set of networks – perhaps formed by GLIF
Could be an executive from a group of National networks who interconnect to provide service to other nets
NPG Principal creates NPG Directorate with agents
NPG delegates authority to its agents

Service Agreements Principals risk/reward
The Principal of each organization is responsible for service performance, and accepts risks with associated rewards and penalties.
  – In a small business it might be the owner
  – In a corporation it is the board of directors
The principal delegates responsibility to agents, is accountable for agent actions
Service agreements are between principals
Service agreements define how costs and benefits are allocated
An agent must be able to prove it is acting for (authorized by) a particular principal to participate in protocol between agents

Authorization and Responsibility

Risks and Rewards
For the principal of an NPG two basic types of risk exist - it is accountable to user for both, allocates partial responsibility and liability to providers
1. Business Risk
  – e.g. Use may not be as high as expected or may use some feature more than expected
  – This is a Risk evaluated at Enterprise level
2. Operational Risk
  – e.g. Infrastructure may refuse valid requests or may not be able to handle the volume of requests or may accept fraudulent requests
  – This is a risk of infrastructure and protocol
  – Infrastructure and protocol can limit cost of risk
  – Enforcement of operational requirements can limit cost of risk

Summary
Need an NPG for placing components coherently into the system to provide authorization.
Multiple networks collaborating to provide connections to users - need an NPG to define and oversee how they collaborate
NPG agents are in all three levels
NPG Principal is accountable for connections provided by NPG
NPG functional infrastructure is protocol based, but may be all human, all automated or some combination evolving

Thanks for listening
Questions?
  – Some that might be good to discuss
Is it really necessary for NPG to have its own principal?
Can the same topology service be used by multiple NPGs?
What are the steps NSI needs to do to implement the concepts in this talk?
Who else needs to be involved?