IPP Mail Archive: IPP> IETF AAA WG discusses IPP Authorization in I-D

IPP> IETF AAA WG discusses IPP Authorization in I-D

Ira McDonald (imcdonal@sdsp.mc.xerox.com)
Tue, 27 Jul 1999 11:10:18 -0400

Hi folks, Tuesday (27 July 1999)

This I-D comes from the IETF's AAA WG last month. The following excerpt
will show why we ALL should have been reading this document sooner:

[Excerpt from I-D at 'ftp://ftp.ietf.org/internet-drafts/',
"AAA Authorization Architecture and Requirements", 06/22/1999,
<draft-ietf-aaa-authorization-reqs-00.txt>]

Table of Contents
Appendix -- Examples of Authorization Applications ............. 30
A.4. Internet Printing ...................................... 50
A.4.1. Trust Relationships ............................. 51
A.4.2. Use of Attribute Certificates ................... 52
A.4.3. IPP and the Authorization Descriptive Model ..... 53

IPP folks interested in either security or notification/statistics NEED
to look at this document. These folks have an IETF chartered working
group addressing AAA in a comprehensive fashion. Their recent I-Ds:

"Roamops Authentication/Authorization Requirements", 03/23/1999,
<draft-ietf-aaa-roamops-auth-req-00.txt>

"AAA Authorization Architecture and Requirements", 06/22/1999,
<draft-ietf-aaa-authorization-reqs-00.txt>

"Mobile IP Authentication, Authorization, and Accounting Requirements",
06/30/1999, <draft-ietf-aaa-mobile-ip-req-00.txt>

Cheers,
- Ira McDonald
High North Inc
906-494-2697/2434

------------------------------------------------------------------------
[Excerpt from I-D at 'ftp://ftp.ietf.org/internet-drafts/',
"AAA Authorization Architecture and Requirements", 06/22/1999,
<draft-ietf-aaa-authorization-reqs-00.txt>]

Abstract

This memo serves as the base requirements for Authorization of
Internet Resources and Services (AIRS). It presents an architectural
framework for understanding the authorization of Internet resources
and services and derives requirements for authorization protocols.
The authorization needs of several different applications are
considered in a lengthy appendix.

Table of Contents

Status of this Memo ............................................ 1
Copyright Notice ............................................... 2
Abstract ....................................................... 2
1. Introduction ................................................ 3
2. Architecture ................................................ 4
2.1. Single Domain Case ..................................... 7
2.1.1. The Push Sequence ............................... 7
2.1.2. The Pull Sequence ............................... 8
2.1.3. The Indirect Sequence ........................... 9
2.2. Roaming ................................................ 10
2.3. Distributed Services ................................... 13
2.4. Combining Roaming and Distributed Services ............. 15
2.5. Use of Policy to Store Authorization Data .............. 16
2.6. Use of Attribute Certificates .......................... 18
2.7. Resource Management .................................... 21
2.7.1. Session Management .............................. 21
2.7.2. The Resource Manager ............................ 22
2.8. AAA Message Forwarding and Delivery .................... 24
2.9. End-to-End Security .................................... 25
2.10. Streamlined Authorization Process ..................... 26
2.11. Summary of the Architecture ........................... 26
3. Requirements for Authorization Protocol ..................... 27
3.1. Requirements for Authorization Attribute Handling ...... 27
3.1.1. Basic Requirements .............................. 27
3.1.2. Requirements for Attribute Certificates ......... 28
4. Security Considerations ..................................... 29
4.1. Security Considerations in Existing Systems ............ 29
4.2. Security Considerations of Proposed Architecture ....... 29
Appendix -- Examples of Authorization Applications ............. 30
A.1. PPP Dialin with Roaming ................................ 30
A.1.1. Descriptive Model ............................... 30
A.1.2. Authorization Requirements ...................... 32
A.2. Mobile-IP .............................................. 32
A.2.1. Relationship to the Architecture ................ 35
A.2.2. Minimized Internet Traversal .................... 36
A.2.3. Key Distribution ................................ 36
A.2.4. Mobile-IP Authorization Requirements ............ 37
A.3. Bandwidth Broker ....................................... 38
A.3.1. Model Description ............................... 38
A.3.2. Components of the Two-Tier Model ................ 38
A.3.3. Identification of Contractual Relationships ..... 39
A.3.3.1. Single-Domain Case ....................... 39
A.3.3.2. Multi-Domain Case ........................ 40
A.3.4. Identification of Trust Relationships ........... 40
A.3.5. Communication Models and Trust .................. 43
A.3.6. Bandwidth Broker Communication Models ........... 44
A.3.6.1. Concepts ................................. 44
A.3.6.2. Bandwidth Broker Work Phases ............. 45
A.3.6.3. Inter-Domain Signalling .................. 45
A.3.6.4. Communication Architecture ............... 47
A.3.6.5. Two-Tier Inter-Domain Model .............. 48
A.3.7. Requirements .................................... 49
A.4. Internet Printing ...................................... 50
A.4.1. Trust Relationships ............................. 51
A.4.2. Use of Attribute Certificates ................... 52
A.4.3. IPP and the Authorization Descriptive Model ..... 53
A.5. Electronic Commerce .................................... 54
A.5.1. Model Description ............................... 55
A.5.1.1. Components ............................... 55
A.5.1.2. Contractual Relationships ................ 56
A.5.1.3. Trust Relationships ...................... 57
A.5.1.4. Communication Model ...................... 60
A.5.2. Multi Domain Model .............................. 62
A.5.3. Requirements .................................... 63
Glossary ....................................................... 66
References ..................................................... 67
Authors' Addresses ............................................. 68