1. Accessor Issues in the Access Bind PIB Freek Dijkstra Utrecht University, the Netherlands

2. dec 14, 2001Auth PIB Accessor Issues2/17 Goal Make you familiar with datastructure of the Access Bind PIB. Make you aware of the dependency of the draft on other documents.

3. dec 14, 2001Auth PIB Accessor Issues3/17 Talk Outline Introduction of keywords and physical model. Discuss how and when new sessions are created. Explain how this is implemented in our model. Tell about other drafts where our data- structure refers to. Conclusion.

4. dec 14, 2001Auth PIB Accessor Issues4/17 Device Names Access request Access decision Access notification time USERUSER PEPPEP PDPPDP USER=Requester of the services PEP=Policy Enforcement Point (a NAD, Network Access Device, in AAA-terminology) PDP=Policy Decision Point (an AAA-Server) Access PIB

5. dec 14, 2001Auth PIB Accessor Issues5/17 Definitions PEP = Policy Enforcement Point PDP = Policy Decision Point Sessions are created when an authentication dialogue starts PIB = Policy Information Base PRC, PRI, PRID = Part of PIB: Provisioning class, -instance, -identifier Accessor = A table in our PIB

6. dec 14, 2001Auth PIB Accessor Issues6/17 Connection Steps PEP notices user traffic/access request Access request to PDP Retrieve PEP knowledge about the user Credential negotiation (not shown) Provision PEP with policies Access decision (approval or denial) Access decision notification to user Usage of service time USERUSER PEPPEP PDPPDP

7. dec 14, 2001Auth PIB Accessor Issues7/17 Capability Exchange Access request Access decision Access notification time USERUSER PEPPEP PDPPDP Access PIB “Behaviour” “Capabilities”

8. dec 14, 2001Auth PIB Accessor Issues8/17 Accessor The Accessor table: … Is installed in the PEP by the PDP. Specifies when a new session is created. Specifies what information to sent along with a new authentication request. Specifies how to retrieve this information (using which authentication protocol: PAP, CHAP, EAP-MD5, EAP-TLS, etc.).

9. dec 14, 2001Auth PIB Accessor Issues9/17 SessionScope ContextData AccessorAuthProtocol Filter SessionScope Filter DataPath PIB Datastructure Accessor Element Accessor ContextData AccessorAuthProtocol

10. dec 14, 2001Auth PIB Accessor Issues10/17 SessionScope ContextData AccessorAuthProtocol Filter SessionScope Filter ContextData DataPath PIB Datastructure AuthProtocol Accessor Element Accessor AccessorAuthProtocol

11. dec 14, 2001Auth PIB Accessor Issues11/17 SessionScope ContextData AccessorAuthProtocol Filter SessionScope Filter ContextData DataPath PIB Datastructure AuthContext Accessor Element Accessor AccessorAuthProtocol

12. dec 14, 2001Auth PIB Accessor Issues12/17 SessionScope ContextData AccessorAuthProtocol Filter SessionScope Filter ContextData DataPath PIB Datastructure ElmRef Accessor Element Accessor AccessorAuthProtocol

13. dec 14, 2001Auth PIB Accessor Issues13/17 SessionScope ContextData AccessorAuthProtocol Filter SessionScope Filter ContextData DataPath Accessor Accessor Element PIB Datastructure ElementScope AccessorAuthProtocol

14. dec 14, 2001Auth PIB Accessor Issues14/17 SessionScope ContextData AccessorAuthProtocol Filter SessionScope Filter ContextData DataPath Accessor PIB Datastructure Accessor Element AccessorAuthProtocol

15. dec 14, 2001Auth PIB Accessor Issues15/17 Framework PIB Filters IP filter 802 filter Internal label filter

16. dec 14, 2001Auth PIB Accessor Issues16/17 Conclusion Our model is potentially powerful; It can support any kind of trigger to create new sessions. We depend on other framework PIBs which may or may not need be sufficient. There should go some effort in those as well, and that is out of scope of our draft, but in scope of the IETF in general.

17. Freek Dijkstra Utrecht University, the Netherlands

18. dec 14, 2001Auth PIB Accessor Issues18/17 PEP meter 17.0.0.0/8 other 17.1.13.15 17.5.8.1 17.1.2.4

19. dec 14, 2001Auth PIB Accessor Issues19/17 Example: Wireless

20. dec 14, 2001Auth PIB Accessor Issues20/17 Example: Dial-up

21. dec 14, 2001Auth PIB Accessor Issues21/17 Example: LAN

22. dec 14, 2001Auth PIB Accessor Issues22/17 Example: HTTP

23. dec 14, 2001Auth PIB Accessor Issues23/17 Example: Pizza phone orders