The list of participants is given in Appendix A.
Slides from the meeting presentations
may be downloaded from the
AAAarch RG web page at:
http://www.phys.uu.nl/~wwwfi/aaaarch
The meeting convened at 1:00 p.m. on
June 26. The meeting was
preceded by a small group discussion
of Internet-Draft
draft-irtf-aaaarch-pol-acct-00.txt,
"Policy-based Accounting"
(see Appendix B).
1. Status of drafts; brief framework setting
Cees de Laat reported
that those RG drafts that completed RG
last call have been
submitted to the RFC editor for
publication.
Bert Wijnen related that there had been a
procedural question
as to whether the IESG should review
IRTF-submitted RFC
candidates. The question was resolved, and
the IESG is now reviewing
them. (As these notes were being
prepared, the news
came in that the four drafts have been
approved for publication
as RFCs.)
Cees de Laat then presented
some slides on the generic AAA
framework.
2. Accounting model development in relation
to generic
architecture
Draft:
  Authors: Georg Carle, Sebastian Zander, Tanja Zseby
  Title: "Policy-based Accounting"
  Handle: draft-irtf-aaaarch-pol-acct-00.txt
Sebastian Zander gave
a presentation on policy-based
accounting.
There was a discussion
concerning the discrete accounting
model. In the
discrete model, accounting is considered as a
separate service and
is logically performed in its own
Application Specific
Module (ASM) independent of the ASM for
the service for which
accounting is being done. John
Vollbrecht suggested
that metering may be performed by a
different organization
than the one providing the service. For
example a network
service might be metered at a Network Access
Point (NAP) by an
independent third party. Tanja Zseby
explained that accounting
may indeed be a user service in that
accounting records
may be transmitted to the user in real time
as specified by user
policy. John Vollbrecht noted that since
the integrated accounting
model seems to be the more basic
model, it may be useful
to present only it at this point in the
accounting framework
and defer introduction of the discrete
model until a later
point in the document.
Tanja Zseby presented
ideas for further work including
integration of QoS
auditing into the model.
3. Certificates, trust, and security
Joe Salowey presented some slides on trust.
During the discussion,
John Vollbrecht attempted to address the
question of trust
relationships between entities in an AAA
environment.
This produced an extensive discussion.
Betty de Bruijn presented some slides on identity.
4. Authentication: What is identity? Scalable or fuzzy identities
Cees de Laat led a discussion of identities.
Stephen Farrell described
a mechanism whereby an ephemeral
identity can be created
for a user by an authorization
authority in such
a way that the service provider would know
that the user is authorized
but would not know who the user is.
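The following is an added illustration of the kind of mechanism described above; it is not Stephen Farrell's proposal, nor code from the research group or any AAAarch draft. It assumes, for the sake of the example, that the authorization authority and the service provider share an HMAC key, that the ephemeral identity travels in a small JSON token carrying an HMAC-SHA256 tag, and that the authority alone retains the mapping from ephemeral identity to real user. The user database, key and timestamps are constructed.

```python
"""
Added illustration (not from the minutes or any AAAarch draft): an authorization
authority issues a user an ephemeral identity that a service provider can verify
as authorized without learning who the user is.

Assumptions for this example: authority and service provider share an HMAC key,
the token is compact JSON plus an HMAC-SHA256 tag, and only the authority keeps
the pseudonym-to-user mapping.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data)


class AuthorizationAuthority:
    """Knows the real users and their entitlements; issues ephemeral identities."""

    def __init__(self, sp_key: bytes):
        self.sp_key = sp_key
        # Constructed user database for the example.
        self.entitlements = {"alice": {"dialup", "vpn"}, "bob": {"dialup"}}
        # Only the authority can map an ephemeral identity back to a user.
        self.pseudonyms: dict = {}

    def issue(self, user: str, service: str, now: int, ttl: int = 600) -> Optional[bytes]:
        if service not in self.entitlements.get(user, set()):
            return None                       # not authorized: no token at all
        eph_id = secrets.token_hex(8)         # fresh per request, so sessions are unlinkable
        self.pseudonyms[eph_id] = user
        claims = {"eph_id": eph_id, "service": service, "exp": now + ttl}
        body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        tag = hmac.new(self.sp_key, body, hashlib.sha256).digest()
        return _b64(body) + b"." + _b64(tag)

    def resolve(self, eph_id: str) -> Optional[str]:
        """Authority-side only, e.g. for dispute handling or accounting reconciliation."""
        return self.pseudonyms.get(eph_id)


class ServiceProvider:
    """Admits a request if the token verifies; never sees a real user name."""

    def __init__(self, key: bytes, service: str):
        self.key = key
        self.service = service

    def admit(self, token: bytes, now: int) -> Optional[dict]:
        body_b64, sep, tag_b64 = token.partition(b".")
        if not sep:
            return None
        try:
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except (ValueError, TypeError):
            return None
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                       # forged or tampered
        claims = json.loads(body)
        if claims.get("service") != self.service or claims.get("exp", 0) <= now:
            return None                       # wrong service or expired
        return claims                         # eph_id, service, exp: nothing naming the user


def demo() -> dict:
    key = b"authority-to-sp-shared-key"       # constructed
    now = 1_000_000                           # constructed clock value
    authority = AuthorizationAuthority(key)
    sp = ServiceProvider(key, "vpn")

    t1 = authority.issue("alice", "vpn", now)
    t2 = authority.issue("alice", "vpn", now)
    c1, c2 = sp.admit(t1, now), sp.admit(t2, now)
    return {
        "admitted": c1 is not None and c2 is not None,
        "user_in_claims": "alice" in json.dumps(c1),     # what the provider actually learns
        "unlinkable": c1["eph_id"] != c2["eph_id"],      # two sessions, two identities
        "authority_resolves": authority.resolve(c1["eph_id"]),
        "bob_vpn": authority.issue("bob", "vpn", now),   # not entitled: no token
        "expired": sp.admit(t1, now + 601),
        "tampered": sp.admit(t1[:-4] + b"AAAA", now),
    }
```

A shared HMAC key is the simplest way to show the flow, but it lets the service provider mint tokens itself; where the provider is not trusted to that degree, the authority would sign the claims with a key the provider can only verify. The `resolve` step shows the property that matters for AAA: anonymity towards the provider does not mean the user is unaccountable, because the authority can still attribute a session when it has to.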
The meeting adjourned for the day at
6:00 p.m. and reconvened on
June 27 at 9:00 a.m.
5. Simulation progress; what do we want to learn?
Arjan van der Vegt
gave a presentation on the AAA simulation
being conducted at
Utrecht University. The Utrecht researchers
are creating a discrete
event simulation using SimJava.
There was a discussion
concerning how the simulation uses
session-ids.
The simulation actually assigns a unique ID to
each transaction or
"question" pertaining to a session.
There was a discussion
concerning policy representation. Bert
Wijnen described work
underway in the Policy Framework and IP
Security Policy Working
Groups.
6. Formal model
Arie Taal addressed
two work items being carried out at Utrecht
University.
First he described briefly that given a few
assumptions it is
possible to represent a web of AAA servers
processing requests
in a way that is similar to other well
known mathematical
problems for which the scaling properties
are known. Secondly
he described the software specification
and development tools
used in the Utrecht simulation. The
simulation uses the
object oriented Rational Rose package. The
model is object oriented
and comprises use cases, class
diagrams and state
diagrams.
7. SIP
Leon Gommans gave a
presentation on AAA for IP telephony. He
described some work
that Henry Sinnreich is doing to develop an
AAA model for SIP.
8. Session identification (the need for layered modeling)
There was a brief discussion of session identification.
9. Data structures, protocol mapping, RADIUS to Diameter to COPS
David Spence led a
discussion of the suitability of the various
candidate protocols
that have been submitted to the AAA WG from
the point of view
of the ongoing AAA architecture work. The
group failed to identify
any one candidate as being clearly
superior as a basis
for the AAA infrastructure we envision. We
will be very interested
in reading the report of the evaluation
team and may wish
to submit comments to the AAA WG for their
consideration.
The meeting adjourned from 12:30 until 1:40 p.m.
10. Generic AAA
Leon Gommans presented
an overview that he prepared in
collaboration with
Betty de Bruijn regarding the nature and
scope of the generic
AAA problem. Their outline could serve as
a framework around
which AAAarch output could be organized.
11. Work Items
There was a review
of current research group work items. The
following work items
were considered:
Session IDs -- Nevil Brownlee
Accounting -- Tanja Zseby, Georg Carle, Sebastian Zander
Definition of identity -- Betty de Bruijn
Terminology -- Joe Salowey
Authentication models -- Stephen Farrell, Joe Salowey,
John Vollbrecht
Simulation -- Arjan van der Vegt, Arie Taal, Cees de Laat
E-commerce example -- Betty de Bruijn, Leon Gommans
SIP -- Henry Sinnreich, Theodore Havinis
12. Future meetings
There will be a telephone
conference on July 12 to coordinate
work and prepare for
the Pittsburgh meeting. Details will be
emailed to the list.
The next face-to-face
meeting will be held in conjunction with
the 48th IETF, July
30 -- August 4, in Pittsburgh.
The meeting adjourned at 3:30 p.m.
The efforts of Stephen Farrell and the support
of Baltimore
Technologies in hosting the meeting are gratefully
acknowledged.
* * * * *
Appendix A
Meeting Participants
Cees de Laat
deLaat@phys.uu.nl
John Vollbrecht
JRV@Interlinknetworks.net
Leon Gommans
l.h.m.gommans@phys.uu.nl
Betty de Bruijn
Betty@EURONET.NL
Theodore Havinis
theodore.havinis@ericsson.com
Arie Taal
A.Taal@phys.uu.nl
Joe Salowey
joes@wrq.com
Stephen Farrell
stephen.farrell@baltimore.ie
Axel Nennker
Axel.Nennker@telekom.de
Jörg Heuer
joerg.heuer@telekom.de
Arjan van der Vegt
A.J.vanderVegt@phys.uu.nl
Bert Wijnen
bwijnen@lucent.com
Tanja Zseby
zseby@fokus.gmd.de
Sebastian Zander
zander@fokus.gmd.de
David Spence
DSpence@Interlinknetworks.com
* * * * *
Appendix B
Subgroup Discussion
of Policy-Based Accounting draft
Draft:
  Authors: Georg Carle, Sebastian Zander, Tanja Zseby
  Title: "Policy-based Accounting"
  Handle: draft-irtf-aaaarch-pol-acct-00.txt
A subgroup met from 11:30 a.m. until
1:00 p.m. on June 26 to
discuss the policy-based accounting
draft. The meeting afforded
an opportunity for the participants
to ask questions of the
authors.
Participants:
John Vollbrecht
Tanja Zseby
Sebastian Zander
Jörg Heuer
Axel Nennker
Stephen Farrell
David Spence
John Vollbrecht asked some questions
about SLAs, SLSs and the
place of agreements in the model.
David Spence discussed the functionality
of a Policy Consumer vs.
a Policy Target and how the accounting
ASMs in the draft perform
the functionality of a Policy Consumer
which can translate policy
into a form suitable for provisioning
to the accounting meters.
There was some digression into COPS vs.
Diameter and their
suitability for carrying accounting
policy.
John Vollbrecht asked about metering.
There followed an interesting discussion
of denial of service
attacks and the need to address these
more fully in the draft.
Stephen Farrell pointed out that any
time a protocol can send a
pointer to redirect an entity somewhere,
there is a potential for
a DoS attack. Stephen then proposed
the idea of creating a MAC
over the first few octets of a message
to provide for a quick
pre-screening of a multi-packet message
so that a message
recipient could discard packets on arrival
in the event of a DoS
attack rather than having to buffer
and calculate MACs over entire
messages before rejecting them.
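The following is an added example of the pre-screening idea as described above; it is not code from the research group, from any AAAarch draft, or from Stephen Farrell. The wire format (field sizes, truncated tag length, how many leading octets the pre-screen tag covers, packet size) and the sample accounting payload are all assumptions made for this illustration. The sender appends a full HMAC-SHA256 over the message and puts a short HMAC over the first few octets of the body into the first packet; the receiver checks that short tag before allocating a reassembly buffer, so a flood of forged multi-packet messages is rejected one packet at a time.

```python
"""
Added illustration (not from the minutes or any draft) of pre-screening a
multi-packet message with a short MAC over its leading octets, so a receiver
under a flood can reject a forged message on its first packet instead of
buffering the whole message and computing a MAC over all of it first.

All wire-format details below (field sizes, tag truncation, PREFIX_LEN, MTU)
are assumptions made for this example.
"""
import hashlib
import hmac
import struct

PREFIX_LEN = 16      # leading octets of the body covered by the pre-screen tag (assumed)
PRE_TAG_LEN = 8      # truncated pre-screen tag carried in the first packet (assumed)
FULL_TAG_LEN = 32    # HMAC-SHA256 over the whole payload, appended to the body
MTU = 64             # octets of body per packet (assumed; must be >= PREFIX_LEN)


def _mac(key: bytes, seq: int, data: bytes) -> bytes:
    # The sequence number is bound into both tags so a captured first packet
    # cannot be replayed under a different sequence number.
    return hmac.new(key, struct.pack(">I", seq) + data, hashlib.sha256).digest()


def build_message(key: bytes, seq: int, payload: bytes) -> list[bytes]:
    """Return the packets for one message.

    Assumed packet layout: seq(4) | idx(2) | chunk. The idx==0 packet also
    carries total_len(4) | pre_tag(8) between the header and its chunk.
    """
    body = payload + _mac(key, seq, payload)                  # full MAC at the end
    pre_tag = _mac(key, seq, body[:PREFIX_LEN])[:PRE_TAG_LEN]  # cheap tag over the first octets
    packets = []
    for idx, off in enumerate(range(0, len(body), MTU)):
        hdr = struct.pack(">IH", seq, idx)
        if idx == 0:
            hdr += struct.pack(">I", len(body)) + pre_tag
        packets.append(hdr + body[off:off + MTU])
    return packets


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.pending: dict[int, tuple[int, bytearray]] = {}   # seq -> (total_len, body so far)
        self.stats = {"prescreen_drop": 0, "orphan_drop": 0, "full_mac_drop": 0, "accepted": 0}

    def on_packet(self, pkt: bytes) -> str:
        seq, idx = struct.unpack_from(">IH", pkt, 0)
        if idx == 0:
            total_len, = struct.unpack_from(">I", pkt, 6)
            pre_tag = pkt[10:10 + PRE_TAG_LEN]
            chunk = pkt[10 + PRE_TAG_LEN:]
            expected = _mac(self.key, seq, chunk[:PREFIX_LEN])[:PRE_TAG_LEN]
            # Decided on the first packet alone: no buffer is allocated for a
            # message whose leading octets do not verify.
            if not hmac.compare_digest(pre_tag, expected):
                self.stats["prescreen_drop"] += 1
                return "prescreen_drop"
            self.pending[seq] = (total_len, bytearray(chunk))
        else:
            if seq not in self.pending:
                self.stats["orphan_drop"] += 1     # fragment of a message never admitted
                return "orphan_drop"
            self.pending[seq][1].extend(pkt[6:])
        total_len, buf = self.pending[seq]
        if len(buf) < total_len:
            return "buffered"
        del self.pending[seq]
        payload, tag = bytes(buf[:-FULL_TAG_LEN]), bytes(buf[-FULL_TAG_LEN:])
        # The pre-screen is only a filter; the full MAC decides acceptance.
        if not hmac.compare_digest(tag, _mac(self.key, seq, payload)):
            self.stats["full_mac_drop"] += 1
            return "full_mac_drop"
        self.stats["accepted"] += 1
        return "accepted"


def demo() -> dict:
    key = b"shared-key-between-aaa-peers"       # constructed
    rx = Receiver(key)
    # Legitimate multi-packet accounting record (constructed payload, 4 packets).
    good = build_message(key, 1, b"Acct-Session-Id=0x1f;User=alice;Octets-In=84211;" * 4)
    good_out = [rx.on_packet(p) for p in good]
    # Attacker without the key floods well-formed 5-packet messages.
    flood = build_message(b"attacker-guess", 2, b"X" * 240)
    flood_out = [rx.on_packet(p) for p in flood]
    # Attacker replays the victim's genuine first packet but corrupts the tail:
    # passes the pre-screen, gets buffered, fails the full MAC.
    tampered = good[:-1] + [good[-1][:6] + bytes(b ^ 0xFF for b in good[-1][6:])]
    tampered_out = [rx.on_packet(p) for p in tampered]
    return {"good": good_out, "flood": flood_out, "tampered": tampered_out,
            "pending": len(rx.pending), "stats": rx.stats}
```

The replayed-then-tampered case is the caveat to keep in mind: the short tag bounds the work an attacker can impose per forged message, but anyone who has captured a genuine first packet can still force the receiver to buffer up to `total_len` octets before the full MAC rejects it, so the pre-screen needs to sit alongside replay tracking and per-peer buffer limits rather than replace them.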
* * * * *
For more information on the work of the
AAA Architecture Research
Group, see the RG web page at:
http://www.phys.uu.nl/~wwwfi/aaaarch
An email list archive with frames can be found at:
http://www.fokus.gmd.de/glone/research/aaaarch/
A plain text version of the entire email
archive can be downloaded
from:
http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current
CdL - May 1st 2000