1 / 18

TF-NGN AAA research Cees de Laat

1 of 10. TF-NGN AAA research Cees de Laat. Utrecht University. Contents of this talk. 2 of 10. This space is intentionally left blank. USA line. Multi Kingdom Problems. 3 of 10. Physics-UU to IPP-FZJ => 7 kingdoms Netherlands Physics dept Campus net SURFnet Europe TEN 155

franciscoa
Télécharger la présentation

TF-NGN AAA research Cees de Laat

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 1 of 10 TF-NGN AAA research Cees de Laat Utrecht University

  2. Contents of this talk 2 of 10 • This space is intentionally left blank

  3. USA line Multi Kingdom Problems 3 of 10 Physics-UU to IPP-FZJ => 7 kingdoms • Netherlands • Physics dept • Campus net • SURFnet • Europe • TEN 155 • Germany • WINS/DFN • Juelich, Campus • Plasma Physics dept 3 ms 2.5 ms 17 ms • Jülich

  4. Remote service End user The need for AAA 4 of 10 See IRTF AAA-ARCH Research group AAA $$$ ? AAA AAA ? BB BB management management R R R R Kingdom N Kingdom N+1

  5. Policy based networking example 5 of 10 Pc Policy based networking switch with > layer 4 AAA functionality Experiment Macintosh Camera AAA

  6. User-Home Organisation Bandwidth Broker Financial Organisation Content Server AAA AAA AAA AAA Content Server Internet AAA Content Server Service Profiles AAA ASP 6 of 11 Layer 3/4 Switch User AAA AAA ISP's ASP

  7. University SURFnet Hogeschool Library NOB Roles 7 of 12 Content Portals Brokers Customers

  8. Roles U S E R U S E R U S E R 8 of 13 U S E R U S E R U S E R U S E R U S E R U S E R U S E R U S E R U S E R UNI UNI UNI UNI UNI UNI UNI UNI UNI SURFnet DFN REDIRIS SWITCH REDIRIS REDIRIS REDIRIS GEANT/DANTE

  9. Auth rules Events AAA Server building block 9 of 13 Rule example: Auth_A = (B>9) .or. C .and. D 1 1 Generic AAA server Rule based engine API 3 2 Application Specific Module Types of communication: 1: “The” AAA protocol 2: interface (API) to app specific module (addressing!) 3: interface (API or connection) to repositories (e.g. LDAP)

  10. Policy Events Pushing the buttons 10 of 13 1 1 Generic AAA server Rule based engine 3 2 Application Specific Module 5 Service Types of communication: 5: Towards service (f.e. COPS, CLI, SNMPv3)

  11. Policy Events Acct Data AAA Server with Accounting as Part of the Service 11 of 13 1 1 Generic AAA server Rule based engine 3 2 Application specific Module 5 5 Service Accounting/ Metering 3

  12. Policy Events Acct Data AAA Server with Accounting as Separate Service 12 of 13 1 1 Generic AAA server Rule based engine 3 2 2 Application Specific Module Accounting Module 3 5 6 Service Metering

  13. Applications Transport TCP/UDP/IP Questions 12b of 13 • Resource discovery <-> AAA discovery • Is AAA high or low in middleware? • All A's together or not? • Should AAA be visible in the app or only stay in middleware and this way solve its user interface problem AAA C O R B A L D A P BB R1 R2 Middleware GUI ...

  14. Stretching the OSI model 12b' of 13 au bandwidth complexity Applications Diensten t au Middleware t au Netwerk Netwerk t

  15. RG-Goals-1 12c of 13 Specific goals of the RG are: • develop generic AAA model by specifically including Authentication and Accounting • develop audibility framework specification that allows the AAA system functions to be checked in a multi-organization environment • develop a model that supports management of a "mesh" of interconnected AAA Servers • define distributed policy framework, coordinate with policy framework WG and others • develop an accounting model that allows authorization to define the type of accounting processing required for each session

  16. RG-Goals-2 12d of 13 Specific goals of the RG are: • implement a simulation model that allows experimentation with the the proposed architectural models (also work on an emulation) • describe interdomain issues using generic model • work with AAA WG to align short term AAA protocol requirements with long term requirements as much as possible • complete the work in Q4 - 2000 (ambitious) • RFC 2903 - 2907 !!!!

  17. Research Group - info 12e of 13 • Research Group Name: AAAARCH - RG • Chair(s) • John Vollbrecht -- jrv@merit.edu • Cees de Laat -- delaat@phys.uu.nl • Web page • www.irtf.org • www.phys.uu.nl/~wwwfi/aaaarch • Mailing list(s) • aaaarch@fokus.gmd.de • For subscription to the mailing list, send e-mail to • majordomo@fokus.gmd.dewith content of message • subscribe aaaarch • end • will be archived, retrieval with frames and in plain ascii: • http://www.fokus.gmd.de/glone/research/aaaarch/ • http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current • ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current

  18. Research TF-NGN 13 of 13 • Use European research net as testbed for AAA • VLL type of service • Top-down • Application • Middleware - AAA • BB • Policy push • Diffserv • Focus on techniques and products • Concentrate on • Authentication, aggregation • Authorisation • SLA - policy - metering - verification • Simulation/emulation

More Related