Some Thoughts on Data Representation
47th IETF AAAarch Research Group
David Spence, Merit Network, Inc.


Survey of Existing Protocols
RADIUS – Simple attributes
COPS – Structured objects
DIAMETER – Groupings of attributes using tagging
SNMP – ASN.1 BER

Structured vs. Grouped Objects
Structured objects derive from data structures in programming.
Grouping of objects is somewhat broader.
– Group according to interrelations among the data.
– Group for routing (forwarding) purposes.
– Group for security.
  Object level encryption
  Digital signatures
  Different groups can be protected with different keys because the objects in the group were generated by or destined to different parties.

The Value of a Structure Identifier
Structured objects usually contain an object identifier that identifies the whole object.
Object grouping techniques may not support the notion of a group identifier.
Example: A structured “port” object with several fields vs. a group of simple attributes that describe a port.

Fixed vs Flexible Data Organization
An advantage of structured objects is that the structure can be defined and fixed in advance.
– If port speed is a field of the port object, then you know that the information will be available to you.
A disadvantage of structured objects is that there may be no provision for optional fields.
Structured objects can be made more flexible by providing for optional fields.

The Need to Support Nested Groupings
Object groupings are usually very flexible in terms of what may be included in a group.
But sometimes there isn’t much structure.
– What objects must belong to a group?
– What objects may belong to a group?
– There may be only one level of nesting.
Example: Diameter supports grouping through the use of a tag field in the attribute header.
– Only one tag field implies only one level of nesting.

Some Other Techniques for Grouping Objects
Encapsulation
– Can support multiple levels of nesting.
– The group itself can be given an object identifier.
– Rules as to which objects must and may be included in a group object allow the advantages of structured objects to be realized with grouping.
Markers
– Include begin and end group markers in the object stream like parentheses.
– Markers can be nested like parentheses.
– The begin marker could include a group identifier field.
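The encapsulation technique above, worked through as an added example that is not part of the presentation: a constructed type-length-value format in which a group object carries its own identifier and nests to any depth, unknown objects are stepped over by length, and a whole group can be pulled out as opaque bytes for forwarding or per-group protection without parsing its members. The object codes and group identifiers are hypothetical.

```python
import struct

# Constructed wire format (an assumption, not from the slides): each object is
# code(1) | length(2, covering the 3-byte header) | value. A GROUP object's
# value is group_id(1) followed by member objects, so groups nest to any depth.
GROUP = 0x80
PORT_SPEED, PORT_NAME = 1, 2          # hypothetical simple attribute codes
PORT_GROUP, SESSION_GROUP = 10, 20    # hypothetical group identifiers

def encode(code, value):
    return struct.pack("!BH", code, 3 + len(value)) + value

def group(group_id, *members):
    return encode(GROUP, bytes([group_id]) + b"".join(members))

def header(buf, pos):
    # Reject lengths that would loop forever (0) or read past the buffer.
    if len(buf) - pos < 3:
        raise ValueError("truncated object header")
    code, length = struct.unpack_from("!BH", buf, pos)
    if length < 3 or pos + length > len(buf):
        raise ValueError("bad object length")
    return code, length

def decode(buf, known=frozenset()):
    """Groups recurse; unknown codes are skipped by length (gross self-definition)."""
    objs, pos = [], 0
    while pos < len(buf):
        code, length = header(buf, pos)
        value = buf[pos + 3:pos + length]
        if code == GROUP:
            if not value:
                raise ValueError("group without identifier")
            objs.append(("group", value[0], decode(value[1:], known)))
        elif code in known:
            objs.append((code, value))
        pos += length
    return objs

def find_group(buf, group_id):
    """Raw bytes of a top-level group, unparsed, for opaque forwarding or signing."""
    pos = 0
    while pos < len(buf):
        code, length = header(buf, pos)
        if code == GROUP and length > 3 and buf[pos + 3] == group_id:
            return buf[pos:pos + length]
        pos += length
    return None

# Constructed sample: a session group holding an attribute this node does not
# understand (code 0x42) and a nested port group with two simple attributes.
PORT = group(PORT_GROUP, encode(PORT_SPEED, b"\x00\x00\x03\xe8"), encode(PORT_NAME, b"eth0"))
SAMPLE = group(SESSION_GROUP, encode(0x42, b"\x00"), PORT)
```

A forwarder only needs the group header to route or sign the port group; it never has to know what codes 1 and 2 mean.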

Structuring vs. Grouping: Conclusions
The concepts are different, and they naturally lend themselves to different uses.
Realization techniques may be powerful enough for the two concepts to provide overlapping functionality.
It might be a good idea for a next generation AAA protocol to support both ideas.

Self-Defining Syntax
Distinction between gross and fine syntax definition.
RADIUS is grossly self-defining in that it is possible to skip over an attribute that you don’t understand.
For purposes of this discussion, however, RADIUS is not self-defining.

Examples of Self-defining Syntax
ASN.1
XML
CORBA

Is it useful to have self-defining Syntax without self-defining Semantics?
Argument: The consumers of AAA data must understand the semantics of the data in order to process it.
If you have to code the semantics, then you can code the syntax.
(Exception: Yes, it should be possible to skip over objects you don’t understand.)

But some consumers may not need to understand the semantics.
– Data Display
– Policy Decision Point

Conclusion
Self-defining syntax may be useful for some purposes.
But there is a cost!
– More bytes on the wire
  bandwidth hog
  storage hog
– More complicated implementation

Alternatives to Self-defining Syntax
Full self-defining vs. some objects that are self-defining
Another alternative is to standardize the definitions of objects.
– Defining authorities could make object definitions available in a standardized, formal syntax that could be machine-readable.
– This makes it possible for a server to support new objects (syntactically, at least) without needing to add code.
– The overhead of transmitting and storing the object syntax is eliminated.
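An added example (not from the presentation) of the standardized-definition alternative above, which also exercises the mandatory and optional fields discussed under Fixed vs Flexible Data Organization: a constructed, machine-readable definition syntax is parsed into a table, and a server validates objects against that table, so a new object type becomes supported by loading its definition rather than by changing code. The definition syntax, type names and object definitions are all assumptions.

```python
import re

# Constructed definition syntax (an assumption, not from the slides), standing in
# for the standardized, machine-readable object definitions a defining authority
# might publish:   object port { speed: uint32; name: string; duplex?: string }
# A trailing '?' marks an optional field; every other field is mandatory.
OBJECT_RE = re.compile(r"object\s+(\w+)\s*\{([^}]*)\}")
FIELD_RE = re.compile(r"(\w+)(\??)\s*:\s*(\w+)")
TYPES = {
    "uint32": lambda v: type(v) is int and 0 <= v < 2 ** 32,
    "string": lambda v: isinstance(v, str),
    "bool": lambda v: isinstance(v, bool),
}

def load_definitions(text, defs=None):
    """Parse definitions into {object: {field: (type, optional)}}. Calling it
    again on a later publication adds objects without any server code change."""
    defs = {} if defs is None else defs
    for name, body in OBJECT_RE.findall(text):
        fields = {}
        for fname, opt, ftype in FIELD_RE.findall(body):
            if ftype not in TYPES:
                raise ValueError(f"{name}.{fname}: unknown type {ftype!r}")
            fields[fname] = (ftype, opt == "?")
        defs[name] = fields
    return defs

def validate(defs, obj_type, values):
    """Return a list of problems (empty means the object conforms). An unknown
    object type is reported so the caller can skip it rather than reject it."""
    spec = defs.get(obj_type)
    if spec is None:
        return [f"unknown object type {obj_type!r}"]
    problems = []
    for fname, (ftype, optional) in spec.items():
        if fname not in values:
            if not optional:
                problems.append(f"missing mandatory field {fname!r}")
        elif not TYPES[ftype](values[fname]):
            problems.append(f"field {fname!r} is not a valid {ftype}")
    for fname in values:
        if fname not in spec:
            problems.append(f"unexpected field {fname!r}")
    return problems

# Constructed definitions a defining authority might publish.
PUBLISHED = """
object port { speed: uint32; name: string; duplex?: string }
object session { id: uint32; user: string; roaming?: bool }
"""
```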

A Strawman Statement of Requirements for Data Representation in AAA Protocols
An AAA protocol should represent data in a way that can be both simple and powerful.
An AAA protocol should conceptually support named, structured objects.
An AAA protocol should conceptually support the definition of complex objects with mandatory and optional fields.

An AAA protocol should support arbitrary groupings of objects.
It should be possible to apply security features to groups of objects.
It should be possible to make message forwarding decisions about groups of objects without knowledge of the syntax or semantics of the objects comprised by the group.
It should be possible to encode AAA objects in a compact form even if less compact forms are also supported.
It should be possible to encapsulate arbitrary data from other protocols within an AAA protocol.