TF-NGN AAA research
Cees de Laat
Utrecht University
Contents of this talk
• This space is intentionally left blank
Physics-UU to IPP-FZJ => 7 kingdoms
–Netherlands
»Physics dept
»Campus net
»SURFnet
–Europe
»TEN 155
–Germany
»WINS/DFN
»Juelich, Campus
»Plasma Physics dept
Multi Kingdom Problems
[Figure: network path with labels USAline and Jülich; delays shown: 3 ms, 17 ms, 2.5 ms]
The need for AAA
[Figure: end user, routers (R) and remote service spanning Kingdom N and Kingdom N+1; each kingdom has management, BB and AAA; question marks and "$$$" mark the open points around AAA]
See IRTF AAA-ARCH Research group
Policy based networking example
[Figure: experiment, camera, PC and Macintosh attached to a policy based networking switch with > layer 4 AAA functionality]
[Figure: user reaching content servers over the Internet through an ASP layer 3/4 switch; AAA servers are attached to the ASP, the content servers, the bandwidth broker, the user home organisation, the financial organisation, the service profiles and the ASP/ISPs]
Roles
[Figure: SURFnet with portals, brokers, content and customers: university, NOB, library, hogeschool]

Roles
[Figure: hierarchy with GEANT/DANTE at the top; national networks SURFnet, DFN, SWITCH and REDIRIS below it; universities (UNI) under each network; users (USER) under each university]
AAA Server building block
[Figure: generic AAA server with rule based engine, connected to an application specific module through an API (2), to other AAA servers (1), and to the auth rules and events repositories (3)]
Types of communication:
1: “The” AAA protocol
2: interface (API) to app specific module (addressing!)
3: interface (API or connection) to repositories (e.g. LDAP)
Rule example: Auth_A = (B>9) .or. C .and. D
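An added example, not from the original slides: a minimal evaluator for the rule shown above that fails closed. It assumes Fortran-style precedence (.and. binds tighter than .or.), which the slide does not state, and a plain dict of attribute values standing in for the repository lookups; the function names are hypothetical.

```python
import operator
import re
TOKEN = re.compile(r"\.or\.|\.and\.|>=|<=|[><()]|\d+|[A-Za-z_]\w*")
CMP = {">": operator.gt, "<": operator.lt, ">=": operator.ge, "<=": operator.le}
RULE = "Auth_A = (B>9) .or. C .and. D"  # the rule shown on the slide

def evaluate(expr, attrs):
    # Assumption (not on the slide): .and. binds tighter than .or., as in Fortran.
    toks, i = TOKEN.findall(expr), 0
    if "".join(toks) != "".join(expr.split()):
        raise ValueError("unrecognised characters in rule")
    def take():
        nonlocal i
        i += 1
        return toks[i - 1]  # IndexError if the rule ends early
    def peek():
        return toks[i] if i < len(toks) else None
    def primary():
        tok = take()
        if tok == "(":
            val = or_expr()
            if take() != ")":
                raise ValueError("missing ')'")
            return val
        return int(tok) if tok.isdigit() else attrs[tok]  # KeyError if unknown
    def comparison():
        left = primary()
        if peek() in CMP:
            return CMP[take()](left, primary())
        return left
    def chain(word, operand, combine):
        val = operand()
        while peek() == word:
            take()
            val = combine(operand(), val)  # operand() always consumes its tokens
        return val
    def and_expr():
        return chain(".and.", comparison, lambda a, b: bool(a) and bool(b))
    def or_expr():
        return chain(".or.", and_expr, lambda a, b: bool(a) or bool(b))
    result = or_expr()
    if peek() is not None:
        raise ValueError("trailing tokens")
    return bool(result)

def authorize(rule, attrs):
    try:
        return evaluate(rule.split("=", 1)[1], attrs)
    except (ValueError, KeyError, IndexError, TypeError):  # fail closed: deny
        return False
```

With B=12, C true and D false the request is granted under this precedence; a strict left-to-right reading of the same rule would deny it, so the engine's precedence has to be fixed and documented before rules are exchanged between organisations.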
Pushing the buttons
[Figure: generic AAA server with rule based engine, application specific module (2), other AAA servers (1), policy and events repositories (3), and the service (5)]
Types of communication:
5: Towards service (e.g. COPS, CLI, SNMPv3)
AAA Server with Accounting as Part of the Service
[Figure: generic AAA server with rule based engine, application specific module (2), other AAA servers (1), policy and events repositories (3), an accounting/metering service (5) and an accounting data store (3)]

AAA Server with Accounting as Separate Service
[Figure: generic AAA server with rule based engine, application specific module (2), other AAA servers (1), policy and events repositories (3), a separate accounting module (2) with accounting data store (3), the service (5) and metering (6)]
Questions
• Resource discovery <-> AAA discovery
• Is AAA high or low in middleware?
• All A's together or not?
• Should AAA be visible in the app, or only stay in middleware and this way solve its user interface problem?
[Figure: layer stack with Transport TCP/UDP/IP at the bottom, Middleware (AAA, R1, R2, CORBA, LDAP, BB, ...) in between, and Applications and GUI on top]
Stretching the OSI model
[Figure: panels labelled Network and Services, with axes bandwidth, complexity and t (curves marked "au"); layers Network, Middleware, Applications]
RG-Goals-1
Specific goals of the RG are:
• develop generic AAA model by specifically including Authentication and Accounting
• develop auditability framework specification that allows the AAA system functions to be checked in a multi-organization environment
• develop a model that supports management of a "mesh" of interconnected AAA Servers
• define distributed policy framework, coordinate with policy framework WG and others
• develop an accounting model that allows authorization to define the type of accounting processing required for each session
RG-Goals-2
Specific goals of the RG are:
• implement a simulation model that allows experimentation with the proposed architectural models (also work on an emulation)
• describe interdomain issues using generic model
• work with AAA WG to align short term AAA protocol requirements with long term requirements as much as possible
• complete the work in Q4 - 2000 (ambitious)
• RFC 2903 - 2907 !!!!
Research Group - info
• Research Group Name: AAAARCH - RG
• Chair(s)
– John Vollbrecht -- [email protected]
– Cees de Laat -- [email protected]
• Web page
– www.irtf.org
– www.phys.uu.nl/~wwwfi/aaaarch
• Mailing list(s)
– [email protected]
– For subscription to the mailing list, send e-mail to
[email protected] with content of message
subscribe aaaarch
end
– will be archived, retrieval with frames and in plain ascii:
» http://www.fokus.gmd.de/glone/research/aaaarch/
» http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
» ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current
Research TF-NGN
• Use European research net as testbed for AAA
• VLL type of service
• Top-down
– Application
– Middleware - AAA
– BB
– Policy push
– Diffserv
• Focus on techniques and products
• Concentrate on
• Authentication, aggregation
• Authorisation
• SLA - policy - metering - verification
• Simulation/emulation