AAAARCH meeting March 30th 2000 at 47th IETF in Adelaide, Australia

Minutes made by: David W. Spence, email:

The Authentication, Authorization, and Accounting Architecture (AAAarch)  Research Group met on March 30, 2000 during the 47th IETF in Adelaide,  Australia.


CHAIRS: Cees de Laat <>
        John Vollbrecht <>

Cees de Laat/John Vollbrecht   10 : Agenda bashing, FNT and opening remarks

Shai Herzog                    10 : policy push across domains
Henry Sinnreich                10 : interdomain SIP
Tanja Zseby                    10 : accounting
John Vollbrecht                10 : attribute certificates and authorization
Dave Spence                    10 : Data structure considerations
Nevil Brownlee                 10 : Session id thoughts
Nitsan Elfassy                 10 : existing policy management architectures
Shuichi Tashiro                10 : AAA for document delivery
Bert-Jan van Beijnum           10 : reverse charging

Discussion space               10 : unforeseen discussion time

Cees de Laat/John Vollbrecht   10 : General concluding remarks, collect blue
                                    sheets, recognizable from the green color

P.S. FNT = Find Note Taker

At least 140 people attended the meeting. To distinguish this RG meeting from a WG meeting the blue sheets had a yellow-green color.

After opening remarks and moving to a larger room to accommodate more people, Cees de Laat explained the goal of this meeting. Since detailed discussions tend to take a lot of time, and two hours is nothing in that respect, this meeting aimed at information exchange between our RG and other WGs working on topics which we eventually need in our architecture.

Shai Herzog gave a presentation entitled, "Inter-Domain Policy Architecture" in which he presented a model for enforcing policy in a multi-domain environment through the use of  bilateral negotiations between administrations.

Next, Henry Sinnreich presented the talk, "Interdomain SIP -- QOS Needs Framework".  He presented an interdomain and transit model for Internet telephony with QOS.

Tanja Zseby gave a presentation coauthored by herself, Georg Carle, and Sebastian Zander, on "Policy-based Accounting".  In it she explained the reasons why accounting policies are needed and then went on to present a simple model for interdomain policy retrieval.  She closed with a list of open issues requiring further investigation.

John Vollbrecht presented "Some Basics of an AAA Control Model".  In his talk, he expanded on the architectural model described in the AAAarch framework draft by discussing use of certificates or tokens to carry authorization policy.  He presented different AAA message sequences that may be appropriate for different applications and discussed the need to evaluate policy from multiple organizations relative to a single request.

David Spence presented "Some Thoughts on Data Representation" in which he contrasted some data representation techniques that have been used in AAA protocols including structure objects, grouped objects, and self-defining syntax.

Nevil Brownlee gave a presentation on "Accounting, Auditing, and Session IDs".  In it, he presented a model for a multi-server session with multiple subsessions and showed how each server could generate unique session IDs and include them in audit records sent to one or more audit servers.

Nitsan Elfassy gave a presentation on "QOS Policy Management".  He described his web-based policy management tools for policy definition, policy validation, device QOS management, and policy monitoring and accounting.

Shuichi Tashiro presented a talk entitled "AAA for Document Delivery". In his model, each document has an associated policy and each user a set of capabilities.  A Policy Enforcement Engine compares policy against capabilities and grants access.  Both off-line and on-line models were presented.

Next, Bert-Jan van Beijnum gave a presentation on "Reversed Charging" which was coauthored by Remco Poortinga.  In it he described how a user and a content provider could connect to different ISPs with the user paying for transport at both ends.  Charges would be mediated by a trusted third party.

Finally, Bob Morgan described the "Shibboleth Project" at the University of Washington.  The Shibboleth Project provides for inter-institutional web page authorization.

The meeting concluded with a brief general discussion.

Most of the presentations can be viewed on line at:

