AAAARCH Research Group A grammar for Policies in a generic AAA Environment A. Taal G. Sliepen A.E. Hemel C.T.A.M. de Laat.


1 AAAARCH Research Group A grammar for Policies in a generic AAA Environment A. Taal G. Sliepen A.E. Hemel C.T.A.M. de Laat

2 Changes
    References: AVPs --> Objects
    AAA Message Types
    No type checking

3 Object references

    if ( Query = getPassword( userid = Request.Identity.UserID ) &&
         Request.Identity.PassW == Query.PassW )
    then( … )
    else( … )

[Figure: object tree; node labels PassW, Request, Identity]

4 [Figure: message trees; node labels Request, Service, Reply, Answer, ServiceData]

    // Action list
    A1 = getSwitchSettings( ) ;
    A2 = getConnectionList( ) ;
    A1.Connections = A2.Connections ;
    Reply.ServiceData.Settings = A1

5 Object trees

    A.B = P
    A.B = K.L.M
    leaf: int | float | string

[Figure: object tree diagrams for the assignments above; node labels A, B, C, D, E, P, Q, R, S]

6 AAA Message Types

[Figure: message trees; node labels Request, Reply, Authentication, Identity, AuthenticationData, Answer]

PolicyRef (remote AAA server):

    Reply = Authentication@ 146.50.0.23 ( Identity = Request.Identity,
                                          AuthenticationData = Request.AuthenticationData )

! One-to-one mapping Requests Driving Policies

7 AAA Message Types

[Figure: message trees; node labels Request, Reply, Policy Evaluation, PolicyReference, …….., Answer, ServiceData]

    A1 = PolicyEvaluation@ 146.50.0.23 ( PolicyReference = "policy_23" )
    A2 = PolicyEvaluation@ 146.50.0.23 ( PolicyReference = "policy_117" )

! A1.ServiceData  A2.ServiceData

8 Local policy reference: PolicyRef versus FunctionCall

PolicyRef:

    policy_71 @ 127.0.0.1 ( data1 = "Yes", data2=12 )
    policy_71 @ localhost ( data1 = "Yes", data2=12 )

FunctionCall:

    evaluate( ref = "policy_71", data1 = "Yes", data2=12 )

9 No type checking

ComputedBoolean:

    ( INT Request.Data.Bandwidth / INT Data.Fraction < 20 )

JavaScript:

    var a, b, c;
    a = 3;
    b = "yeah";
    c = a / b;
    alert( "c=" + c );    // ==> c=NaN

Perl:

    $a; $b; $c;
    $a = 3;
    $b = "yeah";
    $c = $a / $b;         # ==> Illegal division …
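An added example, not part of the original slides: a Python sketch of evaluating slide 9's ComputedBoolean over untyped object-tree leaves, with a failed INT cast handled explicitly instead of producing NaN or aborting. The names resolve, to_int and computed_boolean, the dict representation of object trees, real division for "/", and treating an unevaluable condition as false are all assumptions; the slides do not specify them.

```python
# Added example: the function names and the dict-based trees are hypothetical.

class PolicyError(Exception):
    """A reference or cast in a policy condition could not be evaluated."""

def resolve(objects, path):
    """Follow a dotted object reference such as Request.Data.Bandwidth to a leaf."""
    node = objects
    for name in path.split("."):
        if not isinstance(node, dict) or name not in node:
            raise PolicyError(f"unresolved reference: {path}")
        node = node[name]
    if isinstance(node, dict):
        raise PolicyError(f"{path} is a subtree, not a leaf")
    return node

def to_int(leaf):
    """INT cast: leaves are int | float | string and only typed when used."""
    if isinstance(leaf, bool) or not isinstance(leaf, (int, float, str)):
        raise PolicyError(f"not a leaf value: {leaf!r}")
    try:
        return int(leaf)
    except (ValueError, OverflowError) as exc:
        raise PolicyError(f"INT cast failed for {leaf!r}") from exc

def computed_boolean(objects):
    """( INT Request.Data.Bandwidth / INT Data.Fraction < 20 )"""
    try:
        bandwidth = to_int(resolve(objects, "Request.Data.Bandwidth"))
        fraction = to_int(resolve(objects, "Data.Fraction"))
        if fraction == 0:
            raise PolicyError("division by zero")
        return bandwidth / fraction < 20  # assumption: "/" is real division
    except PolicyError:
        return False  # assumption: an unevaluable condition selects the else branch

# Constructed sample object trees (not from the slides).
GOOD = {"Request": {"Data": {"Bandwidth": "100"}}, "Data": {"Fraction": 10}}
BAD_CAST = {"Request": {"Data": {"Bandwidth": 3}}, "Data": {"Fraction": "yeah"}}
MISSING = {"Request": {"Data": {}}, "Data": {"Fraction": 10}}

if __name__ == "__main__":
    for label, tree in (("good", GOOD), ("bad cast", BAD_CAST), ("missing", MISSING)):
        print(label, computed_boolean(tree))
```

Returning false is fail-closed only when the then-branch is the one that grants; a policy whose else-branch grants would need the error surfaced to the caller instead.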

10 Example Driving Policy

KERBEROS Authentication:

    if (
        if( exists Request.AuthenticationData.Protocol.Name )
        then( )
        else (
            Reply.Answer.Type = MISSING_DATA ;
            Reply.Answer.Message = "Missing Protocol.Name"
        )
        &&
        if( Request.AuthenticationData.Protocol.Name == "Kerberos" )
        then( )
        else (
            Reply = Authentication@146.50.0.23( Identity = Request.Identity,
                                                AuthenticationData = Request.AuthenticationData )
        )
    )
    then (
        // Next slide
    )

11 Example Driving Policy

    then (
        // Action
        if ( exists Request.Identity.UserName && … )
        then (
            KRBReply = authenticate( username = Request.Identity.UserName, servername = … ) ;
            // HE/SHE IS KNOWN!!!!
            Reply.Answer.AuthenticationData.SessionKey = KRBReply.SessionKey ;
            …
        )
        else (
            Reply.Answer.Type = MISSING_DATA ;
            Reply.Answer.Message = "AuthenticationData incomplete"
        ) ;
        ...
    )
    else ( ... )

12 To do
    AAA message types
    Definition of top level objects
    generic AAA functions return trees
    generic ASMs return trees
    pushed / pulled policy treatment

13 Exception handling Parallelism ( Actions, remote references ) To do or to do not

