Www.datatag.org
The concepts of Generic AAA are described in RFC2903 [1] (Generic AAA Architecture) and RFC2904 [2] (Authorization Framework). Several group members of the Advanced Internet Research Group at the University of Amsterdam are researching the Generic AAA principles in both a formal and an empirical way. The outcome of this research is aimed at developing an Open Grid Services Architecture (OGSA) based open source toolkit for a J2EE platform that will enable application developers to incorporate Generic AAA functions as part of their workflow management. The research is funded both by the EU/IST DataTAG project and by the Dutch National Research Network SurfNET. The research uses the problem of on-demand provisioning of network connections, abstracted as Grid Network Elements (NEs), across multiple administrative domains as a proof of concept. The research provides input towards standards bodies such as the IETF, IRTF and GGF.

Principles of Generic AAA

Authorizations may be represented by requests and associated policy based decisions resulting in a reply or action. In our research authorizations are handled by Generic AAA system components. An authorization can be considered as a conditional right that has both a logic part and a semantic part. When exercised, this conditional right leads to a reply or action. In our research we clearly separate the logic and semantic concepts and handle them separately. The goal of this separation is to allow logical communication of authorization decisions in a distributed fashion without considering the semantic details. The semantic details are transported to parts within a specific domain that understand them; only logic decisions are understood between domains. The diagram below presents the basic concepts around Generic AAA. The inner part of a Generic AAA system is called the Rules Based Engine (RBE); it is the part that processes the policy rules that drive the system from a logic perspective.
Application Specific Modules (ASMs) form the bridge between the logic inner world and the semantic outside world. ASMs are capable of translating logic policy decisions into meaningful actions that interface with the outside world. In the other direction, ASMs translate meaningful states or events into conditions that are evaluated within a particular policy rule. AAA requests are messages that, when received by the RBE, fetch the corresponding driving policy rules; these rules evaluate the request and so determine the workflow that leads to a policy decision and the corresponding policy actions. Policy actions may result in replies or may drive events in the outside world. AAA requests may be generated by users, by ASMs of other Generic AAA systems, or by RBEs. ASM intervention is required when further semantic breakdown of a request is desired. These mechanisms will enable networks of AAA servers to evaluate a distributed set of policies. Individual administrative domains may independently and autonomously determine their driving policies, thus enabling the creation of flexible multi-domain authorization scenarios.

Generic AAA based provisioning of Network Elements

Demonstration of a Bandwidth on Demand service based on Generic AAA

A first version of a simple Bandwidth on Demand (BoD) service based on Generic AAA concepts was demonstrated during iGrid2002 [3] and SC2002. We defined an AAA request message for a typical BoD request using XML and constructed a corresponding policy admitting the requestor. Our test bed consisted of two SNMP-manageable 802.1Q VLAN switches, four hosts and an AAA server (see the figure below). The AAA server controls both switches and is aware of the available capacity of the connection. Stations could request a VLAN to be uniquely provisioned between themselves and any other station. The first implementation was written using Java / servlet technologies. The current version uses a J2EE environment with SOAP/XML based messaging.

References

[1] RFC2903, Generic AAA Architecture, C. de Laat, G. Gross, L. Gommans, J. Vollbrecht, D. Spence, Aug
[2] RFC2904, AAA Authorization Framework, J. Vollbrecht, P. Calhoun, S. Farrell, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M. Holdrege, D. Spence, Aug 2000
[3] Authorization of a QoS Path based on Generic AAA, Leon Gommans, Cees de Laat, Bas van Oudenaarde, Arie Taal, special issue of FGCS on the iGRID2002 conference, Amsterdam, September 2002
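The control loop described under Principles of Generic AAA (an RBE evaluating a driving policy rule whose conditions and actions are supplied by ASMs) and the bandwidth-on-demand test bed described above, as one added example in Python. It is not code from the original presentation or from the University of Amsterdam toolkit: the class, rule and condition names, the two-domain layout, the station names, the link capacities and the admitted-requester list are all assumptions constructed for the example. The RBE sees only booleans; the capacity bookkeeping and VLAN ids stay inside the switch ASM, and the peer domain's RBE returns nothing but its logic verdict.

```python
"""Toy model of the Generic AAA control loop: a Rule Based Engine (RBE)
evaluates a driving policy rule made of named logic conditions, and
Application Specific Modules (ASMs) translate those conditions and the
resulting actions into semantic operations on 802.1Q VLAN switches.
Added example; names and values are assumptions, not the UvA toolkit's API."""
from dataclasses import dataclass


@dataclass
class Request:        # an AAA request message for bandwidth on demand
    kind: str
    requester: str
    src: str          # station at the near end
    dst: str          # station at the far end
    mbps: int


@dataclass
class Rule:           # driving policy rule: condition/action names only
    kind: str
    conditions: list  # all must hold, evaluated in this order
    actions: list     # run only after every condition held


class UserASM:
    """Semantic side of 'who is asking', exposed as one logic condition."""
    def __init__(self, admitted):
        self.admitted = set(admitted)

    def conditions(self):
        return {"requester_admitted": lambda rq, env: rq.requester in self.admitted}

    def actions(self):
        return {}


class VlanSwitchASM:
    """Bridges to the switches of one domain. The RBE only sees booleans;
    free capacity and VLAN ids never leave this module."""
    def __init__(self, stations, capacity_mbps):
        self.stations, self.free = set(stations), capacity_mbps
        self.next_vid, self.provisioned = 100, []

    def conditions(self):
        return {"endpoint_here": lambda rq, env: bool({rq.src, rq.dst} & self.stations),
                "capacity_available": lambda rq, env: rq.mbps <= self.free}

    def actions(self):
        return {"provision_vlan": self._provision}

    def _provision(self, rq, env):
        vid, self.next_vid = self.next_vid, self.next_vid + 1
        self.free -= rq.mbps
        self.provisioned.append((vid, rq.src, rq.dst, rq.mbps))
        env["vlan"] = vid


class PeerDomainASM:
    """Forwards the request to a neighbouring domain's RBE. Only the logic
    verdict crosses the domain boundary, not the peer's switch state."""
    def __init__(self, peer_rbe):
        self.peer = peer_rbe

    def conditions(self):
        return {"peer_allows": self._ask}

    def actions(self):
        return {}

    def _ask(self, rq, env):
        reply = self.peer.handle(rq)
        env["peer_decision"] = reply["decision"]
        return reply["decision"] == "allow"


class RBE:
    def __init__(self, rules, asms):
        self.rules = {r.kind: r for r in rules}
        self.cond, self.act = {}, {}
        for asm in asms:
            self.cond.update(asm.conditions())
            self.act.update(asm.actions())

    def handle(self, rq):
        """Evaluate the driving rule for rq; the reply is a logic decision."""
        rule = self.rules.get(rq.kind)
        if rule is None:
            return {"decision": "deny", "reason": "no driving policy"}
        env = {}
        for name in rule.conditions:
            check = self.cond.get(name)
            if check is None or not check(rq, env):  # unknown condition fails closed
                return {"decision": "deny", "reason": name}
        for name in rule.actions:
            self.act[name](rq, env)
        return {"decision": "allow", **env}


def build_testbed():
    """Two domains (constructed), each with its own switch ASM and policy."""
    sw_b = VlanSwitchASM(["host3", "host4"], capacity_mbps=1000)
    rbe_b = RBE([Rule("bod", ["endpoint_here", "capacity_available"], ["provision_vlan"])],
                [sw_b])
    sw_a = VlanSwitchASM(["host1", "host2"], capacity_mbps=1000)
    rbe_a = RBE([Rule("bod", ["requester_admitted", "endpoint_here",
                              "capacity_available", "peer_allows"], ["provision_vlan"])],
                [UserASM(["alice"]), sw_a, PeerDomainASM(rbe_b)])
    return rbe_a, sw_a, sw_b


if __name__ == "__main__":
    rbe_a, sw_a, sw_b = build_testbed()
    print(rbe_a.handle(Request("bod", "alice", "host1", "host3", 400)))    # allow, vlan 100
    print(rbe_a.handle(Request("bod", "mallory", "host1", "host3", 100)))  # deny
    print(rbe_a.handle(Request("bod", "alice", "host2", "host4", 700)))    # deny: capacity
```

Two design points worth noticing. Conditions are evaluated in rule order and the RBE fails closed on any condition it cannot resolve, so the cheap local checks (identity, capacity) reject a request before the peer domain is ever consulted. Also, the peer domain runs its provisioning action while it is still only a condition of the first domain's rule: if a later condition in domain A failed, domain B would keep a VLAN reserved with nothing to roll it back, which is why `peer_allows` is placed last here and why a real multi-domain deployment needs an explicit release or two-phase step that this toy omits.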