AAAARCH

Authentication, Authorization, and Accounting Architecture (AAAarch) Research Group meeting August 2th 2000 at 48th IETF in Pittsburg, Pennsylvania, USA

Meeting report prepared by: David W. Spence, email: DSpence@Interlinknetworks.com

We found out that the bluesheets, which were flashy green in Adelaide are now actually pink (see below). We need to form rough consensus on this one.


 

The AAA Architecture (AAAarch) Research Group met Wednesday August 2,
2000, during the 48th IETF in Pittsburgh, Pennsylvania, U.S.A.  The
meeting convened at 3:30 p.m.

Chairs:  Cees de Laat (not present)
         John Vollbrecht (on the picture)

Agenda:
 
   John Vollbrecht          5 : Agenda bashing, FNT and opening remarks
   Farrell, Salowey        20 : authentication framework
   Ed Ellesson             15 : presentation on policy
   Henry Sinnreich         10 : SIP
   Theodore Havinis        15 : SIP
   Georg Carle              7 : Accounting Issues
   Tanja Zseby              8 : Examples for policy-based Accounting
                                in AAA Framework
   Bob Morgan              15 : Middleware, I2 and AAA
   Nevil Brownlee           5 : update on session ID thinking
   John Vollbrecht         15 : discussion of direction and
                                structure of future work
   John Vollbrecht          5 : General concluding remarks, collect
                                blue sheets, recognizable by pink color
                          ===
                          120

1. Agenda bashing and opening remarks -- John Vollbrecht

   John Vollbrecht opened the meeting by welcoming everyone to the
   meeting.

2. AAAarch Authentication Schemes -- Stephen Farrell, Joe Salowey
 
   Stephen Farrell and Joe Salowey presented work they did in
   collaboration with John Vollbrecht and Standish Stewart to establish
   an authentication framework and tie it in with the authorization
   framework developed previously.

   Stephen Farrell explained the work of the authentication team.  The
   team is analyzing existing authentication schemes, creating models,
   and matching them up with the authorization models.  He described the
   factors considered and showed basic block diagrams for several models
   involving a user, an application, and an application AAA server.
 
   Joe Salowey presented more specific models illustrating how the
   Kerberos authentication system might be modeled.  He presented
   several different push and pull models including interdomain models.
 
3. Policy Framework Status -- Ed Ellesson

   Next, Ed Ellesson, one of the co-chairs of the Policy Framework WG
   presented an overview of the work of the Policy Framework WG.  He
   described the objectives of the working group and listed the other
   groups with which they work both within and outside the IETF.  He
   then gave a brief overview of the policy framework shared between the
   Policy Framework and Resource Allocation Protocol (RAP) Working
   Groups.  He defined a policy as consisting of policy rules which, in
   turn, consist of policy conditions and policy actions.  He concluded
   with a summary of working group work items and deliverables.
 
   The discussion following the presentation ranged from interdomain
   issues to the relatively static nature of policy.
 
4. AAA Usage for IP Telephony with QoS -- Henry Sinnreich
 
   Henry Sinnreich began his presentation by citing the Internet Drafts:
 
      draft-sinnreich-aaa-interdomain-sip-qos-osp-00.txt
      draft-johnston-sip-osp-token-00.txt
 
   His presentation explained and elaborated on the work in the first
   of the drafts, "AAA Usage for IP Telephony with QoS".  He presented a
   model showing the entities involved in interdomain SIP and the
   communication required to authenticate, authorize, and account for
   the SIP calls.
 
   The discussion following the presentation focused on the trust
   relationships between the various entities.
 
5. How can AAA Infrastructure Support Services and Applications in Roaming
   Architectures -- Theodore Havinis
 
   Theodore Havinis' presentation discussed issues in applying AAA to
   SIP in a 3G mobile environment with roaming.  He considered both end
   user and network to network authentication and considered the use of
   an AAA infrastructure for key distribution and the possible
   piggybacking of SIP registration information.  He concluded by
   describing three different modes of operation for network to network
   authentication and security: in-band, out-of-band, and transparent.
 
6. Policy-based Accounting: Accounting Issues -- Georg Carle
 
   Georg Carle presented work he did jointly with Sebastian Zander.  He
   discussed the following issues concerning policy-based accounting:
   flexibility, outsourcing, abstraction (the desire to use a variety of
   metering devices while hiding heterogeneity), the interaction of
   accounting with authentication and authorization, privacy, and
   scalability and efficiency.  He presented slides depicting a
   policy-based accounting architecture.
 
7. Examples for Policy-based Accounting in the AAA Framework -- Tanja Zseby
 
   Tanja Zseby began her presentation by positioning the policy-based
   accounting work being done at GMD Fokus against other important
   accounting papers.  She next presented two detailed accounting
   examples.  The first was for a diffserv service with integrated
   accounting.  The second example showed discrete accounting.  She
   concluded by listing the remaining work items in the field of
   policy-based accounting.
 
8. General concluding remarks, collect pink sheets -- John Vollbrecht
 
   There will possibly be an interim meeting Sept. 28-29 in Berlin
   hosted by GMD Fokus.
 
The meeting concluded at 5:30 p.m.

 
                           *   *   *   *   *

For more information on the work of the AAA Architecture Research Group, see the RG web page at:
 
         http://www.phys.uu.nl/~wwwfi/aaaarch
 
An email list archive with frames can be found at:

        http://www.fokus.gmd.de/glone/research/aaaarch/
 
A plain text version of the entire email archive can be downloaded from:
 
        http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
        ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current


CdL - aug 31th 2000 Visitors of this page: