Authentication Authorisation Accounting ARCHitecture Research Group (AAAARCH)
Chairs: John Vollbrecht jrv@umich.edu and Cees de Laat delaat@science.uva.nl
Mailing-List: aaaarch@fokus.fraunhofer.de
To subscribe: Send a message to majordomo@fokus.fraunhofer.de with message body: subscribe aaaarch
Archive: http://www.fokus.fraunhofer.de/research/cc/meteor/research/aaarch
Web site: http://www.aaaarch.org
Membership:
Membership :== open (in any language)
To join the group, one is kindly asked to mail the chairs.
We adopt an open mailing list; all discussions will be on the mailing list mentioned above.
Purpose
A number of Internet Services require Authentication, Authorization, Accounting and Audit Support. The IETF AAA Working Group is chartered with defining short term requirements for a protocol that will support such services for NASREQ and MobileIP. The work of the IETF AAA group has shown that there are a number of areas where an AAA architecture would be helpful.
This RG will work to define a next generation AAA architecture that incorporates a set of interconnected "generic" AAA servers and an application interface that allows Application Specific Modules access to AAA functions.
The architecture's focus is to support AAA services that:
- can inter-operate across organizational boundaries
- are extensible yet common across a wide variety of Internet services
- enable a concept of an AAA transaction spanning many stakeholders
- provide application independent session management mechanisms
- contain strong security mechanisms that can be tuned to local policies
- are scalable to the size of the global Internet
This activity grows from the work of the authorization team of the IETF AAA Working Group. The authorization team has proposed an "AAA Authorization Framework" [2] illustrated with numerous application examples [3] which in turn motivates a proposed list of authorization requirements [4]. This RG will build on the Authorization framework presented in [2] and the "generic" AAA Authorization Architecture presented in [5]. It will also draw on the work of the Policy Framework Working Group as well as security and accounting working groups. It will also work to provide a reasonable transition from existing AAA protocols and from any "interim" protocol approved by the AAA working group.
This group will coordinate closely with the AAA-WG and will report in each IETF AAA-WG meeting.
Goals and Milestones:
- develop a generic AAA model by specifically including Authentication and Accounting
- develop an auditability framework specification that allows the AAA system functions to be checked in a multi-organization environment
- develop a model for management of a "mesh" of interconnected AAA Servers
- describe interdomain issues using the generic model
- define in a high level and abstract way the interfaces between the different components in the architecture
- define a distributed AAA related policy framework
- develop an accounting model that allows authorization to define the type of accounting processing required for each session
- implement a simulation model that allows experimentation with the proposed architecture
- work with RAP-WG to develop an Authentication Information management model
- work with GRID-Forum to align the security and AAA architectural ideas
References:
[1] Weinrib A, Postel J, "IRTF Research Group Guidelines and Procedures", RFC 2014, BCP 8, October 1996.
[2] J. Vollbrecht et al, "AAA Authorization Framework", RFC 2904, Informational, August 2000.
[3] J. Vollbrecht et al, "AAA Authorization Application Examples", RFC 2905, Informational, August 2000.
[4] S. Farrell et al, "AAA Authorization Requirements", RFC 2906, Informational, August 2000.
[5] C. de Laat et al, "Generic AAA Architecture", RFC 2903, Experimental, August 2000.
Original: CdL - dec 10th 1999
Revised : CdL - may 30th 2001