11 December, 2000, 49th IETF, AAA WG: AAA Proxies (draft-ietf-aaa-proxies-01.txt), David Mitton

Slide 2: Proxy Issues
draft-ietf-aaa-issues-04.txt - Section 6
– Proxy Behavior Details
– State Retention Mechanisms
Action List
– Define terms
– Investigate Proxy state AVPs
– Investigate End-to-End issues

Slide 3: Why are there proxies?
Proxies are useful for several reasons:
• They can distribute administration of systems to a configurable grouping, including the maintenance of security associations
• They can be used for concentration of requests from a number of co-located or distributed NAS equipment sets to a set of like user groups
• They can do value-added processing to the requests or responses
• They can be used for load balancing
• A complex network will have multiple authentication sources; they can sort requests and forward them towards the correct target

Slide 4: Types of Proxies
• Routing Proxies
• Policy Proxies
• Broker Proxies
• Translation Gateways

Slide 5: Routing Proxies
Forward requests to appropriate targets
– NAI parse and server lookup
– Aggregate management for multiple NAS POP
– Can be security holder for multiple NASes
– Can be stateless
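
Added example, not part of the original slides: a Python sketch of the stateless "NAI parse and server lookup" step of a routing proxy, rejecting malformed NAIs and unknown realms instead of forwarding them. The routing table, host names and the simplified realm syntax are assumptions made for illustration.

```python
"""Stateless realm routing for an AAA routing proxy (illustrative sketch)."""
import re

# Constructed routing table: realm suffix -> next-hop AAA server (hypothetical names).
ROUTES = {
    "example.net": "aaa1.example.net",
    "corp.example.net": "aaa-corp.example.net",
    "isp.example": "broker.isp.example",
}

# Conservative realm syntax: dot-separated letter/digit/hyphen labels.
# This is a simplification chosen for the example, not the full NAI grammar.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_REALM_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")


def parse_nai(nai):
    """Split 'user@realm' into (user, realm); raise ValueError if malformed."""
    user, sep, realm = nai.rpartition("@")
    if not sep or not user or "@" in user:
        raise ValueError("NAI must be user@realm with exactly one '@'")
    realm = realm.lower().rstrip(".")  # assumption: realms compare like DNS names
    if not _REALM_RE.match(realm):
        raise ValueError("realm is not a valid dotted name")
    return user, realm


def lookup_server(realm, routes=ROUTES):
    """Longest-suffix match on whole labels; None means no route."""
    labels = realm.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in routes:
            return routes[candidate]
    return None


def route_request(nai, routes=ROUTES):
    """Pick the next hop from the request alone; no per-request state is kept."""
    _, realm = parse_nai(nai)
    server = lookup_server(realm, routes)
    if server is None:
        # Fail closed: an unknown realm is rejected, not sent to a default target.
        raise LookupError(f"no route for realm {realm!r}")
    return server
```

Matching on whole labels keeps a look-alike realm such as notexample.net from being routed to the server for example.net.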

Slide 6: Policy Proxies
Value added management using AAA stream
Often used to manage dynamic resource allocation across NASes
– e.g. Call control center, port balancing

Slide 7: Broker Proxies
A go-between for administrative domains
– matches a request from an access ISP with the provider network
– subscribed services; each party signs up, service agreement in place
– security information for contact points

Slide 8: State Taxonomy
Issues often bring up “state”
– Message State - getting the message to your peer
– Transaction State - tracking the request and response
– Session State - tracking the active session
– Global State - tracking sessions across multiple sources

Slide 9: Problems that Proxies bring up
• Transactional Reliability - Acks and feedback at some level
• Failover and Recovery management
• Graceful Shutdown
• Congestion Potential

Slide 10: More Proxy Problems
• Integrity of Accounting Data
• Visibility of data
• Message Filtering between Admin Domains

Slide 11: Summary
Please comment on draft-ietf-aaa-proxies-01.txt
Currently on