AAAARCH

The AAA Architecture (AAAarch) Research Group met June 26-27, 2000, in Dublin, Ireland.  The meeting was hosted by Baltimore

Minutes made by: David W. Spence, email: DSpence@Interlinknetworks.com
 

      The list of participants is given in Appendix A.

      Slides from the meeting presentations may be downloaded from the
      AAAarch RG web page at:

         http://www.phys.uu.nl/~wwwfi/aaaarch

      The meeting convened at 1:00 p.m. on June 26.  The meeting was
      preceded by a small group discussion of Internet-Draft
      draft-irtf-aaaaarch-pol-acct-00.txt, "Policy-based Accounting"
      (see Appendix B).

      1. Status of drafts; brief framework setting

         Cees de Laat reported that those RG drafts that completed RG
         last call have been submitted to the RFC editor for
         publication.  Bert Wijnen related that there had been a
         procedural question as to whether the IESG should review
         IRTF-submitted RFC candidates.  The question was resolved, and
         the IESG is now reviewing them.  (As these notes were being
         prepared, the news came in that the four drafts have been
         approved for publication as RFCs.)

         Cees de Laat then presented some slides on the generic AAA
         framework.

      2. Accounting model development in relation to generic
         architecture

         Draft:

            Authors:  Georg Carle, Sebastian Zander, Tanja Zseby
            Title:    "Policy-based Accounting"
            Handle:   draft-irtf-aaaarch-pol-acct-00.txt

         Sebastian Zander gave a presentation on policy-based
         accounting.

         There was a discussion concerning the discrete accounting
         model.  In the discrete model, accounting is considered as a
         separate service and is logically performed in its own
         Application Specific Module (ASM) independent of the ASM for
         the service for which accounting is being done.  John
         Vollbrecht suggested that metering may be performed by a
         different organization than the one providing the service.  For
         example a network service might be metered at a Network Access
         Point (NAP) by an independent third party.  Tanja Zseby
         explained that accounting may indeed be a user service in that
         accounting records may be transmitted to the user in real time
         as specified by user policy.  John Vollbrecht noted that since
         the integrated accounting model seems to be the more basic
         model, it may be useful to present only it at this point in the
         accounting framework and defer introduction of the discrete
         model until a later point in the document.

         Tanja Zseby presented ideas for further work including
         integration of QoS auditing into the model.

      3. Certificates, trust, and security

         Joe Salowey presented some slides on trust.

         During the discussion, John Vollbrecht attempted to address the
         question of trust relationships between entities in an AAA
         environment.  This produced an extensive discussion.

         Betty de Bruijn presented some slides on identity.

      4. Authentication: What is identity? Scalable or fuzzy identities

         Cees de Laat led a discussion of identities.

         Stephen Farrell described a mechanism whereby an ephemeral
         identity can be created for a user by an authorization
         authority in such a way that the service provider would know
         that the user is authorized but would not know who the user is.
 

      The meeting adjourned for the day at 6:00 p.m. and reconvened on
      June 27 at 9:00 a.m.

      5. Simulation progress; what do we want to learn?

         Arjan van der Vegt gave a presentation on the AAA simulation
         being conducted at Utrecht University.  The Utrecht researchers
         are creating a discrete event simulation using SimJava.

         There was a discussion concerning how the simulation uses
         session-ids.  The simulation actually assigns a unique ID to
         each transaction or "question" pertaining to a session.

         There was a discussion concerning policy representation.  Bert
         Wijnen described work underway in the Policy Framework and IP
         Security Policy Working Groups.

      6. Formal model

         Arie Taal addressed two work items being carried out at Utrecht
         University.  First he described briefly that given a few
         assumptions it is possible to represent a web of AAA servers
         processing requests in a way that is similar to other well
         known mathematical problems for which the scaling properties
         are known.  Secondly he described the software specification
         and development tools used in the Utrecht simulation.  The
         simulation uses the object oriented Rational Rose package.  The
         model is object oriented and comprises use cases, class
         diagrams and state diagrams.

      7. SIP

         Leon Gommans gave a presentation on AAA for IP telephony.  He
         described some work that Henry Sinnreich is doing to develop a
         AAA model for SIP.

      8. Session identification (the need for layered modeling)

         There was a brief discussion of session identification.

      9. Data structures, protocol mapping, RADIUS to Diameter to COPS

         David Spence led a discussion of the suitability of the various
         candidate protocols that have been submitted to the AAA WG from
         the point of view of the ongoing AAA architecture work.  The
         group failed to identify any one candidate as being clearly
         superior as a basis for the AAA infrastructure we envision.  We
         will be very interested in reading the report of the evaluation
         team and may wish to submit comments to the AAA WG for their
         consideration.
 

     The meeting adjourned from 12:30 until 1:40 p.m.

     10. Generic AAA

         Leon Gommans presented an overview that he prepared in
         collaboration with Betty de Bruijn regarding the nature and
         scope of the generic AAA problem.  Their outline could serve as
         a framework around which AAAarch output could be organized.

     11. Work Items

         There was a review of current research group work items.  The
         following work items were considered:

            Session IDs -- Nevil Brownlee
            Accounting -- Tanja Zseby, Georg Carle, Sebastian Zander
            Definition of identity -- Betty de Bruijn
            Terminology -- Joe Salowey
            Authentication models -- Stephen Farrell, Joe Salowey,
                                     John Vollbrecht
            Simulation -- Arjan van de Vegt, Arie Taal, Cees de Laat
            E-commerce example -- Betty de Bruijn, Leon Gommans
            SIP -- Henry Sinnreich, Theodore Havinis

     12. Future meetings

         There will be a telephone conference on July 12 to coordinate
         work and prepare for the Pittsburgh meeting.  Details will be
         emailed to the list.

         The next face-to-face meeting will be held in conjunction with
         the 48th IETF, July 30 -- August 4, in Pittsburgh.
 

     The meeting adjourned at 3:30 p.m.

     The efforts of Stephen Farrell and the support of Baltimore
     Technologies in hosting the meeting are gratefully acknowledged.
 

                           *   *   *   *   *
 

                               Appendix A
                          Meeting Participants

      Cees de Laat                        deLaat@phys.uu.nl
      John Vollbrecht                     JRV@Interlinknetworks.net
      Leon Gommans                        l.h.m.gommans@phys.uu.nl
      Betty de Bruijn                     Betty@EURONET.NL
      Theodore Havinis                    theodore.havinis@ericsson.com
      Arie Taal                           A.Taal@phys.uu.nl
      Joe Salowey                         joes@wrq.com
      Stephen Farrell                     stephen.farrell@baltimore.ie
      Axel Nennker                        Axel.Nennker@telekom.de
      Jrg Heuer                          joerg.heuer@telekom.de
      Arjan van der Vegt                  A.J.vanderVegt@phys.uu.nl
      Bert Wijnen                         bwijnen@lucent.com
      Tanja Zseby                         zseby@fokus.gmd.de
      Sebastian Zander                    zander@fokus.gmd.de
      David Spence                        DSpence@Interlinknetworks.com
 

                           *   *   *   *   *
 

                               Appendix B
          Subgroup Discussion of Policy-Based Accounting draft
 

      Draft:
         Authors:  Georg Carle, Sebastian Zander, Tanja Zseby
         Title:    "Policy-based Accounting"
         Handle:   draft-irtf-aaaarch-pol-acct-00.txt
 

      A subgroup met from 11:30 a.m. until 1:00 p.m. on June 26 to
      discuss the policy-based accounting draft.  The meeting afforded
      an opportunity for the participants to ask questions of the
      authors.

      Participants:
         John Vollbrecht
         Tanja Zseby
         Sebastian Zander
         Jrg Heuer
         Axel Nennker
         Stephen Farrell
         David Spence

      John Vollbrecht asked some questions about SLAs, SLSs and the
      place of agreements in the model.

      David Spence discussed the functionality of a Policy Consumer vs.
      a Policy Target and how the accounting ASMs in the draft perform
      the functionality of a Policy Consumer which can translate policy
      into a form suitable for provisioning to the accounting meters.

      There was some digression into COPS vs. Diameter and their
      suitability for carrying accounting policy.

      John Vollbrecht asked about metering.

      There followed an interesting discussion of denial of service
      attacks and the need to address these more fully in the draft.
      Stephen Farrell pointed out that any time a protocol can send a
      pointer to redirect an entity somewhere, there is a potential for
      a DoS attack.  Stephen then proposed the idea of creating a MAC
      over the first few octets of a message to provide for a quick
      pre-screening of a multi-packet message so that a message
      recipient could discard packets on arrival in the event of a DoS
      attack rather than having to buffer and calculate MACs over entire
      messages before rejecting them.
 

                           *   *   *   *   *
 

      For more information on the work of the AAA Architecture Research
      Group, see the RG web page at:

         http://www.phys.uu.nl/~wwwfi/aaaarch

      An email list archive with frames can be found at:

        http://www.fokus.gmd.de/glone/research/aaaarch/

      A plain text version of the entire email archive can be downloaded
      from:

        http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
        ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current
 


CdL - may 1th 2000 Visitors of this page: