Presentation is loading. Please wait.

Presentation is loading. Please wait.

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.phys.uu.nl/~wwwfi/aaaarch RFC 2903,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.phys.uu.nl/~wwwfi/aaaarch RFC 2903,"— Presentation transcript:

1 IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.phys.uu.nl/~wwwfi/aaaarch RFC 2903, 2904, 2905, 2906

2 Basic AAA Service perspective: –Who is it who wants to use my resource »Establish security context –Do I allow him to access my resource »Create a capability / ticket /authorization –Can I track the usage of the resource »Based on type of request (policy) track the usage User perspective –Where do I find this or that service –What am I allowed to do –What do I need to do to get authorization –What does it cost Intermediaries perspective –Service creation –Brokerage / portals Organizational perspective –What do I allow my people to do –Contractual relationships (SLA’s)

3 Roles GEANT/DANTE SURFnetDFN SWITCH REDIRIS USERUSER USERUSER USERUSER USERUSER UNI USERUSER USERUSER USERUSER USERUSER USERUSER USERUSER USERUSER USERUSER

4 USERUSER UHO AAA Provider AAA Service 1 4 3 2 5 3 Authorization Models AGENT USERUSER UHO AAA Provider AAA Service 1 4 2 3 5 4 1 PULL USERUSER UHO AAA Provider AAA Service 1 4 5 4 2 3 PUSH

5 Generic AAA server Rule based engine Application Specific Module Policy Data 2 11 3 Service 5 Starting point PDP PEP 4 Accounting Metering 3 4’ 5 Acct Data API Policy Data 3

6 Multi domain case

7 Basic principles Principles of Generic AAA 1.Three building blocks: 1. RBE 2. ASM 3. Service Equipment 2.There is a global address space between the RBE and the ASM. 3.There is only generic stuff in the RBE and all the application specific stuff is in the ASMs. 4.The relationship between AAA servers is symmetric. 5.Different servers may have different capabilities.

8 Message types Service request/reply Authorization request/reply Solicit Service Offer request/reply Authentication request/reply Authentication Challenge request/reply Policy request/reply Policy Evaluation request/reply Data request/reply Event Log indication/confirmation Accounting indication/confirmation Service (session) Configuration indication/confirmation Service (session) Management indication/confirmation Capability request/reply (supports resource discovery)

9 Top Level Objects Identity Authentication Data Authentication Challenge Service Data Service Offer Answer Error Policy –[service specification policy, authorization policy, provisioning policy, configuration policy, accounting policy, metering policy] Policy Reference Policy Data Configuration Data Service Management Accounting Event

10 Issues Relationships in pictural model Type 1 - 7 communication Internal structure in model Global addressing space Refine layered model Scalable aaa server model

11 Research Group - info Research Group Name: AAAARCH - RG Chair(s) –John Vollbrecht -- jrv@interlinknetworks.com –Cees de Laat -- delaat@phys.uu.nl Web page –www.irtf.org –www.phys.uu.nl/~wwwfi/aaaarch Mailing list(s) –aaaarch@fokus.gmd.de –For subscription to the mailing list, send e-mail to majordomo@fokus.gmd.de with content of message subscribe aaaarch end –will be archived, retrieval with frames and in plain ascii: »http://www.fokus.gmd.de/glone/research/aaaarch/ »http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current »ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current

12

Download ppt "IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.phys.uu.nl/~wwwfi/aaaarch RFC 2903,"

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
Session ID Georg Carle, John Vollbrecht, Sebastian Zander, Tanja Zseby San Diego, December 2000.

Session ID Georg Carle, John Vollbrecht, Sebastian Zander, Tanja Zseby San Diego, December 2000.
Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.

Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.
Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.

Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.
AAA Architecture Use of a AAA Server Application Specification to Support Generic AAA Applications Across a Mesh of Interconnected AAA Servers With Policy.

AAA Architecture Use of a AAA Server Application Specification to Support Generic AAA Applications Across a Mesh of Interconnected AAA Servers With Policy.
Web Services Architecture An interoperability architecture for the World Wide Service Network.

Web Services Architecture An interoperability architecture for the World Wide Service Network.
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
NGAS – The Next Generation Archive System Jens Knudstrup NGAS The Next Generation Archive System.

NGAS – The Next Generation Archive System Jens Knudstrup NGAS The Next Generation Archive System.
Notification Explosion Calendaring –You have a new meeting request –Your meeting begins in 15 minutes SIP –Hello HTTP/WebDAV –A resource you want to edit.

Notification Explosion Calendaring –You have a new meeting request –Your meeting begins in 15 minutes SIP –Hello HTTP/WebDAV –A resource you want to edit.
TF-NGN AAA research Cees de Laat 1 of 10 Utrecht University.

TF-NGN AAA research Cees de Laat 1 of 10 Utrecht University.
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat www.aaaarch.org RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat RFC 2903, 2904, 2905,
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.aaaarch.org RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht RFC 2903, 2904, 2905,
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat www.aaaarch.org RFC 2903, 2904, 2905,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: J. Vollbrecht and C. de Laat RFC 2903, 2904, 2905,
Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV 16-22 Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.

Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.
Policy-based Accounting Tanja Zseby, Georg Carle, Sebastian Zander GMD FOKUS - German National Research Institute for Information Technology Competence.

Policy-based Accounting Tanja Zseby, Georg Carle, Sebastian Zander GMD FOKUS - German National Research Institute for Information Technology Competence.
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.
Sharmistha Chatterjee 82349D 82349D Helsinki University of Technology Instant Messaging and Presence with SIP.

Sharmistha Chatterjee 82349D 82349D Helsinki University of Technology Instant Messaging and Presence with SIP.
Generic AAA based provisioning Of Network Elements Status update EVL 9/10/03 Leon Gommans University of Amsterdam.

Generic AAA based provisioning Of Network Elements Status update EVL 9/10/03 Leon Gommans University of Amsterdam.
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.

6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
Policy-based Accounting Draft Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Institute for Information Technology Competence Center.

Policy-based Accounting Draft Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Institute for Information Technology Competence Center.

Similar presentations

Ads by Google