Multihop Federations & Trust Router draft-mrw-abfab-multihop-fed-02.txt draft-mrw-abfab-trust-router-01.txt Margaret Wasserman

Slides:



Advertisements
Similar presentations
IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.
Advertisements

ABFAB for Internet-of-Things Rhys Smith, Janet Sam Hartman & Margaret Wasserman, Painless Security.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Trust Router Overview IETF 86, Orlando, FL Trust Router Bar BOF Margaret Wasserman
Secure Network Bootstrapping Infrastructure May 15, 2014.
Key Negotiation Protocol & Trust Router draft-howlett-radsec-knp ABFAB, IETF March, Prague.
Computer Science 6390 – Advanced Computer Networks Dr. Jorge A. Cobb How to provide Inter-domain multicast routing? PIM-SM MSDP MBGP.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman
Adaptive Web Caching: Towards a New Caching Architecture Authors and Institutions: Scott Michel, Khoi Nguyen, Adam Rosenstein and Lixia Zhang UCLA Computer.
1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.
Routing.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #5 Mobile Ad-Hoc Networks TBRPF.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
ROUTING PROTOCOLS Rizwan Rehman. Static routing  each router manually configured with a list of destinations and the next hop to reach those destinations.
ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman
ROUTING ON THE INTERNET COSC Aug-15. Routing Protocols  routers receive and forward packets  make decisions based on knowledge of topology.
Draft-ietf-abfab-aaa-saml Josh Howlett, JANET IETF 82.
Open Shortest Path First (OSPF) -Sheela Anand -Kalyani Ravi -Saroja Gadde.
DNS (Domain Name System) Protocol On the Internet, the DNS associates various sorts of information with domain names. A domain name is a meaningful and.
1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)
1 Introducing Routing 1. Dynamic routing - information is learned from other routers, and routing protocols adjust routes automatically. 2. Static routing.
1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!
Ad-hoc On-Demand Distance Vector Routing (AODV) and simulation in network simulator.
GT Components. Globus Toolkit A “toolkit” of services and packages for creating the basic grid computing infrastructure Higher level tools added to this.
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.
Introduction to OSPF Nishal Goburdhan. Routing and Forwarding Routing is not the same as Forwarding Routing is the building of maps Each routing protocol.
Dynamic Virtual Networks (DVNE) Margaret Wasserman & Paddy Nallur November 11, 2010 IETF Beijing, China.
July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...
Distributed Authentication in Wireless Mesh Networks Through Kerberos Tickets draft-moustafa-krb-wg-mesh-nw-00.txt Hassnaa Moustafa
Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman
WIRELESS AD-HOC NETWORKS Dr. Razi Iqbal Lecture 6.
IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx Title: Proposal about multiple IS domains Date Submitted: May 8, 2007 Presented at IEEE.
Draft-ietf-abfab-aaa-saml Josh Howlett IETF 90. Remaining issues (recap from IETF 89) SAML naming of AAA entities The focus of this presentation Alejandro.
1 University of California, Irvine Done By : Ala Khalifeh (Note : Not Presented)
Routing protocols. Static Routing Routes to destinations are set up manually Route may be up or down but static routes will remain in the routing tables.
KAIS T On the problem of placing Mobility Anchor Points in Wireless Mesh Networks Lei Wu & Bjorn Lanfeldt, Wireless Mesh Community Networks Workshop, 2006.
Dynamic Routing Protocols II OSPF
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
SSHSM Issues David Harrington IETF64 ISMS WG Vancouver, BC.
Lightweight Key Establishment & Management Protocol (KEMP) in Dynamic Sensor Networks Update draft-qiu-roll-kemp-01 Ying QIU, Jianying ZHOU, Feng BAO.
Chapter 25 Internet Routing. Static Routing manually configured routes that do not change Used by hosts whose routing table contains one static route.
Text BGP Basics. Document Name CONFIDENTIAL Border Gateway Protocol (BGP) Introduction to BGP BGP Neighbor Establishment Process BGP Message Types BGP.
IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)
Extensions to PCEP for Hierarchical Path Computation Elements PCE draft-zhang-pcep-hierarchy-extensions-00 Fatai Zhang Quintin Zhao.
Draft-chandra-ospf-manet-ext-01.txtIETF 60 draft-chandra-ospf-manet-ext-01.txt IETF 60.
Single Area OSPF Module 2, Review How routing information is maintained Link-state routers apply the Dijkstra shortest path first algorithm against.
Trust Router Overview IETF 86, Orlando, FL Routing Area Meeting Margaret Wasserman
Project Moonshot Daniel Kouřil EGI Technical Forum
CSE 421 Computer Networks. Network Layer 4-2 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside.
Draft-howlett-abfab-trust-router-ps ABFAB, IETF83 Josh Howlett & Margaret Wasserman.
CLASSe PROJECT: IMPROVING SSO IN THE CLOUD Alejandro Pérez Rafael Marín Gabriel López
1 Computer Networks Chapter 5. Network layer The network layer is concerned with getting packets from the source all the way to the destination. Getting.
Dynamic Routing Protocols II OSPF
Instructor Materials Chapter 5: Dynamic Routing
Diagnosing PIM Protocol States PIM Working Group
Goals of soBGP Verify the origin of advertisements
COMP 3270 Computer Networks
Link-State Routing Protocols
Network Services Interface
THE NETWORK LAYER.
Routing.
Chapter 5: Dynamic Routing
UNICAST ROUTING PROTOCOLS
Static and Default Routing
Appropriate Access InCommon Identity Assurance Profiles
Routing.
Presentation transcript:

Multihop Federations & Trust Router draft-mrw-abfab-multihop-fed-02.txt draft-mrw-abfab-trust-router-01.txt Margaret Wasserman

Multihop Federations Drafts describe a mechanism for establishing trust across a multihop ABFAB federation – Where not all AAA Clients and Servers are connected via a single AAA server – Replaces current multihop AAA substrate that requires manual configuration at every hop Introduces a new ABFAB entity called the Trust Router – Trust router and KNP are combined to provide support for multihop federations

Trust router protocol eu usca uk Announce eduroam: ja.net ja.net

Trust router RADIUS substrate Trust Router allows path selection through the AAA fabric Eliminates need for manual configuration at each hop AAA client AAA server Relying party domain Identity Provider domain

Community of Interest (CoI) Conceptually: A set of users (Principals) and Services Technically: Set of IdPs, Relying Parties and Trust Routers Each CoI results in a separate routing tree, as paths must traverse nodes that are part of the right community Desire to support many Communities of Interest using a shared set of infrastructure and credentials Dynamic Trust Router makes it practical to support many Communities of Interest that come and go through a lightweight creation process

Trust Link A Trust Link represents an available KNP hop between a Trust Router and and another Trust Router or a AAA Server A Trust Link is an assertion that a Trust Router is willing to provide temporary identities to access another element in the ABFAB system – Another Trust Router – Or a AAA Server (Radius, RadSec or Diameter) Shown as a realm name and realm name (type), separated by an arrow – A->B(T) indicates there is a Trust Link from realm A to a Trust Router in realm B – ja.net -> oxford.ac.uk(R) indicates there is a Trust Link from ja.net to a AAA Server in oxford.ac.uk

Trust Path A Trust Path is a series of KNP hops that can be used to reach a AAA server in a destination realm Each hop across the substrate is called a Trust Link Shown as series of realms and types, connected by arrows – Currently defined types are Trust Router (T) or AAA Server (R) – Example: A -> B(T) -> C(T) -> D(T) -> D(R)

Trust Router Functions Trust Router Protocol – Distributes information about available Trust Links in the network – Calculates a tree of Trust Paths to reach target destinations Trust Path Query – Provide “best” path to a destination realm in response to queries from local RPs Temporary Identity Request – Provision temporary identities that RPs can use to reach the next hop in the Trust Path, in response to KNP requests from RPs

Trust Router Protocol Exchange information about Trust Links between Trust Routers – Trust Links are unidirectional and of a specific type A -> B(T) does not imply A -> B(R), B -> A(T) or B -> A(R) – Realm names are not necessarily hierarchical, but they may be example-u.ac.uk is not necessarily reached via.uk or.ac.uk Tree of available Trust Paths rooted in local realm is calculated by each Trust Router

Trust Router Messages Hello Message – Exchanged between neighboring Trust Routers to establish adjacency and perform authentication Trust Link Database Message – Used to send a full database when needed Trust Link Update Message – Used to send incremental database updates All messages encoded in JSON over TCP, with GSS- API-based security

Compact Tree Representation Trees (and subtrees) are represented as an ordered list of Trust Links (depth first traversal) Each entry contains – Index: Depth of this node in the tree – Target Entity: Type and Target of this link – CoIs: The CoIs to which this link applies Start of link is implied by location in the tree

Trust Path Query Generated by an RP to request a Trust Path to reach a AAA server in a destination realm When a Trust Path Query is received, the Trust Router: – Authenticates the RP, and checks local policy to determine whether or not to reply – Searches its tree of Trust Paths to find the best path to reach the destination – Returns the best path, if found, to the RP

Questions? Feedback? Questions about what we are proposing? Feedback on this proposal? Next Steps: – WG Chairs have suggested that we start with a problem statement document. Thoughts? – Who is interested in helping us with this work? Review documents, contribute text, etc.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.