1 / 15

Session ID Binding Objectives and Concepts from AAAARCH Meeting, IETF San Diego, December 2000

This document provides an overview of the Session ID binding objectives and concepts presented at the AAAARCH meeting during IETF in San Diego, December 2000. It discusses the need for binding in the context of Authentication, Authorization, and Accounting (AAA), particularly for service provisioning processes. Key areas covered include hierarchical and peer-to-peer binding methods, session ID generation requirements, and related works such as RADIUS and DIAMETER. Edicts on flexibility, scalability, privacy, and security in session management are emphasized, along with practical examples of binding scenarios like Video on Demand.

myrna
Télécharger la présentation

Session ID Binding Objectives and Concepts from AAAARCH Meeting, IETF San Diego, December 2000

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Session ID Georg Carle, John Vollbrecht, Sebastian Zander, Tanja Zseby San Diego, December 2000

  2. Overview • Binding Objectives • Binding Concepts • Related Work • Requirements • Session ID Generation • Examples • Summary San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  3. Binding Objectives • Authentication, Authorization and Accounting with the Service provisioning process (Service Session) • Accounting records (maybe generated by different hosts) which provide the accounting data for the services a user has used • Different service sessions that logically belong together Binding needed for Auditing and Accounting San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  4. Binding Objectives Session Auth Authoriz Service Usage Accounting Subsession 1 Subsession 2 Time San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  5. Binding Concepts • Hierarchical Binding: Subsession IDs are derived from supersession (e.g. key ring approach) • Peer-to-peer Binding: Two “equal” sessions without specifying hierarchy • Late Binding: Binding is not done during session lifetime but is created later if needed based on attributes (e.g. IP address, start time) San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  6. Related Work • RADIUS • DIAMETER • WWW based Services • RTSP • SIP • SDP/SAP San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  7. Requirements • Binding • Flexibility • Scalability • Session ID • Globally unique • Privacy • Security is important San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  8. Session ID Generation • Server generates ID during initial message exchange (e.g. authentication) • user and/or server specific information • time or increasing number • cryptographic hash • Simple scheme to create global unique ID: AAA ID + Service ID + Session ID • AAA ID: Global unique ID of the AAA server • Service ID: Identify a service at a AAA server • Session ID: Unique ID in the scope of the service San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  9. Example: VoD over Diffserv 1 ID: X ID: X Y User CP X (Content) X Y (Diffserv Access) Y TP 2 TP 1 Z (Diffserv) Z ID: Y ID: Z Z CP: Content Provider TP: Transport Provider San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  10. Example: VoD over Diffserv 2 ID: Y ID: Y Z User CP Y (Content) Z (Diffserv Access) X Y Z TP 2 TP 1 X (Diffserv) ID: X ID: X Z CP: Content Provider TP: Transport Provider San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  11. Example: VoD over Diffserv 3 ID: X ID: X Y , Z User CP X (Content) Y (Diffserv Access) Z V X W Z Y ID: V V (Diffserv) TP 2 TP 1 ID: V W Y W (Diffserv) ID: W Z TP 3 CP: Content Provider TP: Transport Provider San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  12. Example: VoD over Diffserv 3 • Auditing • auditing information is transferred to trusted server during session lifetime • binding is done when needed (i.e. audit request) user  audit_server: query X audit_server  CP: X ... audit_server  user: audit info X, Y, Z, V, W San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  13. Summary • Currently only AAAARCH internal draft • Terminology • Problem Statement • Related Work • Requirements • Examples • Number of open issues San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  14. The End San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  15. Open Issues • How does this work with the different authorization models (RFC2904) • Do we need to encode session hierarchy in the session id? • More precise definitions (i.e. subsession) • Look at SIP, RTSP, SDP/SAP • More examples  rework existing concepts San Diego IETF, December 2000: AAAARCH Meeting - Session ID

More Related