
Observations on the CAS architecture made from the Generic AAA perspective.

Observations on the CAS architecture made from the Generic AAA perspective. 3rd Global Gridforum Oct. 7-10th 2001 Frascati - Italy Leon Gommans lgommans@science.uva.nl University of Amsterdam Advanced Internet Research Group. Objectives. Give a better feeling of AAA environments.


Presentation Transcript


  1. Observations on the CAS architecture made from the Generic AAA perspective. 3rd Global Gridforum Oct. 7-10th 2001 Frascati - Italy Leon Gommans lgommans@science.uva.nl University of Amsterdam Advanced Internet Research Group GGF - 3 / Leon Gommans - UvA

  2. Objectives
     • Give a better feeling of AAA environments.
     • AAA concepts regarding user administration in multi-domain environments.
     • Envisaged examples:
       • Role generic AAA in combination with CAS expanded towards the user
       • Role generic AAA in combination with CAS expanded towards the service.
     • More info: http://www.aaaarch.org

  3. Roots
     [Diagram labels: USER SERVICE ORGANIZATION: ISP, NETWORK ACCESS SERVERS, AAA, RADIUS, Internet; users ALICE@UU.NL, BOB@UVA.NL; USER HOME ORGANIZATION: AAA UU.NL (ALICE, ANNE, ARIE, …), AAA UVA.NL (BILL, BOB, CAROL, …), RADIUS]
     • AAA roots in the “dial-in” environment where NAS use AAA servers to Authenticate & Authorize users and allow Accounting.
     • Need was generated by recognition that user-administration at or near the service equipment does not scale very well.

  4. The “VO” from AAA perspective
     • Example based on a highly simplified model of the SURFNET “Student Online” facility.
     • The “VO” can be defined as the group of students and University Employees. The VO is offered free internet access if they belong to any Dutch University.
     • User administration is done by each individual university.
     • Each university is responsible for their own users towards the service.

  5. Flexibility of AAA allows:
     • User organizations to outsource their dial-in service to one or more 3rd parties.
     • Service organizations to host multiple organizations requiring dial-in facilities.
     • Agreements can be implemented using a standards based protocol (RADIUS).
     • RADIUS allows User organizations or Agents to migrate to other Service Providers.
     • An agent, using proxy AAA, to change its service without affecting the agreement with its customers.
     • A service organization to have ultimate authority over its users.

  6. [Diagram labels: USER SERVICE ORGANIZATIONS: ISP-A (users ANNE@UU.NL, BILL@UVA.NL; NETWORK ACCESS SERVERS, AAA, RADIUS, Internet), ISP-B (users ALICE@UU.NL, BOB@UVA.NL; NETWORK ACCESS SERVERS, AAA, RADIUS, Internet); USER HOME ORGANIZATIONS: AAA UU.NL (ALICE, ANNE, ARIE, …), AAA UVA.NL (BILL, BOB, CAROL, …), RADIUS]

  7. [Diagram labels: USER SERVICE ORGANIZATIONS: ISP-A (users ANNE@UU.NL, BILL@UVA.NL; NETWORK ACCESS SERVERS, AAA, RADIUS, Internet), ISP-B (users ALICE@UU.NL, BOB@UVA.NL; NETWORK ACCESS SERVERS, AAA, RADIUS, Internet); AGENT: Proxy AAA, RADIUS; USER HOME ORGANIZATIONS: AAA UU.NL (ALICE, ANNE, ARIE, …), AAA UVA.NL (BILL, BOB, CAROL, …), RADIUS]

  8. AAA PUSH MODEL
     [Diagram labels: USER HOME ORGANIZATION, USER, CAS, SERVICE ORGANIZATION, GRID RESOURCES; annotations: “User authentication & authorization”, “Resource Management in combining resources”]
     AAA can play a role in both areas.

  9. [Diagram labels: USER SERVICE ORGANIZATIONS: ASP-A (user BILL@UVA.NL; GRID RESOURCES), ASP-B (user ALICE@UU.NL; GRID RESOURCES); CAS (ALICE.UU.NL, ANNE.UU.NL, ARIE.UU.NL, BILL.UVA.NL, BOB.UVA.NL, CAROL.UVA.NL, …); USER HOME ORGANIZATIONS: UU.NL, UVA.NL]

  10. Possible AAA role in user authentication & authorization?
     [Diagram labels: USER SERVICE ORGANIZATIONS: ASP-A (user BILL@UVA.NL; AAA, GRID RESOURCES), ASP-B (user ALICE@UU.NL; AAA, GRID RESOURCES); AGENTS: CAS A, CAS B; USER HOME ORGANIZATIONS: AAA MIT.EDU (AL, AMY, ANN), AAA UU.NL (ALICE, ANNE, ARIE, …), AAA UVA.NL (BILL, BOB, CAROL, …), AAA INFN.IT (DARIO, FABRIZIO, GIORGIO, …)]

  11. Possible AAA role in resource management?
     [Diagram labels: USER ALICE@UU.NL; CAS; SERVICE ORGANIZATIONS: ASP-A (AAA, BROKER), ASP-B (AAA, BROKER); six GRID RESOURCES boxes]

  12. Thank you http://www.aaaarch.org
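
Slides 3 to 7 describe NAS requests being routed by realm (the part after "@") from an ISP's AAA server, optionally through an agent's proxy AAA, to the user's home organization. The following Python model is an added example, not part of the presentation, and it models only the routing decision, not the RADIUS wire protocol. The server names, the `MAX_HOPS` limit and the convention that a home server is named after its realm are assumptions.

```python
# Simplified model of realm-based AAA proxying (not the RADIUS wire protocol).
# Server names, routing tables and users are constructed from the slide labels.

MAX_HOPS = 4  # assumed limit so that misconfigured proxies cannot loop forever


class AAAServer:
    def __init__(self, name, users=None, routes=None):
        self.name = name
        self.users = set(users or [])     # local user administration (home org)
        self.routes = dict(routes or {})  # realm -> next-hop server (agreements)

    def authenticate(self, identity, path=()):
        """Return (accepted, names_of_servers_visited)."""
        path = path + (self.name,)
        user, sep, realm = identity.rpartition("@")
        if not sep or not user or not realm:
            return False, path            # no realm: request cannot be routed
        realm = realm.lower()
        if realm == self.name.lower():
            # Only the home organization decides about its own users.
            return user.lower() in self.users, path
        nxt = self.routes.get(realm)
        if nxt is None or len(path) >= MAX_HOPS or nxt.name in path:
            return False, path            # unknown realm or proxy loop: reject
        return nxt.authenticate(identity, path)


def build_topology():
    """Slide 7 layout: two ISPs share one agent that proxies to the home AAAs."""
    uu = AAAServer("uu.nl", users={"alice", "anne", "arie"})
    uva = AAAServer("uva.nl", users={"bill", "bob", "carol"})
    agent = AAAServer("agent", routes={"uu.nl": uu, "uva.nl": uva})
    isp_a = AAAServer("isp-a", routes={"uu.nl": agent, "uva.nl": agent})
    isp_b = AAAServer("isp-b", routes={"uu.nl": agent, "uva.nl": agent})
    return isp_a, isp_b


if __name__ == "__main__":
    isp_a, isp_b = build_topology()
    for ident in ("ANNE@UU.NL", "BOB@UVA.NL", "DARIO@INFN.IT", "MALLORY@UU.NL"):
        print(ident, isp_a.authenticate(ident))
```

Because the ISPs only hold a route to the agent, the agent can repoint a realm to a different server without any change at the ISPs, and a realm with no agreement is rejected at the first hop.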
