IPP Mail Archive: RE: IPP> IETF AAA WG discusses IPP Authorization in I-D

RE: IPP> IETF AAA WG discusses IPP Authorization in I-D

Manros, Carl-Uno B (cmanros@cp10.es.xerox.com)
Tue, 27 Jul 1999 17:55:27 -0700

Ira,

I downloaded this document and looked at it. The part about IPP is talking
about the print-by-reference case, which is still unsolved. Whoever wrote
this part seems to have understood the security requirements for
print-by-reference pretty well and outlines three possible ways of meeting
them. I am quite happy with the text so far.

Unfortunately, this is only a requirements document; what we need is actual
security solutions, but I am happy to register that they at least seem to
have understood the problem correctly, which is a good start.

Carl-Uno

> -----Original Message-----
> From: Ira McDonald [mailto:imcdonal@sdsp.mc.xerox.com]
> Sent: Tuesday, July 27, 1999 8:10 AM
> To: ipp@pwg.org
> Subject: IPP> IETF AAA WG discusses IPP Authorization in I-D
>
>
>
> Hi folks, Tuesday (27 July 1999)
>
> This I-D comes from the IETF's AAA WG last month. The following excerpt
> will show why we ALL should have been reading this document sooner:
>
> [Excerpt from I-D at 'ftp://ftp.ietf.org/internet-drafts/',
> "AAA Authorization Architecture and Requirements", 06/22/1999,
> <draft-ietf-aaa-authorization-reqs-00.txt>]
>
> Table of Contents
> Appendix -- Examples of Authorization Applications ............. 30
>    A.4. Internet Printing ...................................... 50
>         A.4.1. Trust Relationships ............................. 51
>         A.4.2. Use of Attribute Certificates ................... 52
>         A.4.3. IPP and the Authorization Descriptive Model ..... 53
>
> IPP folks interested in either security or notification/statistics NEED
> to look at this document. These folks have an IETF chartered working
> group addressing AAA in a comprehensive fashion. Their recent I-Ds:
>
> "Roamops Authentication/Authorization Requirements", 03/23/1999,
> <draft-ietf-aaa-roamops-auth-req-00.txt>
>
> "AAA Authorization Architecture and Requirements", 06/22/1999,
> <draft-ietf-aaa-authorization-reqs-00.txt>
>
> "Mobile IP Authentication, Authorization, and Accounting Requirements",
> 06/30/1999, <draft-ietf-aaa-mobile-ip-req-00.txt>
>
> Cheers,
> - Ira McDonald
> High North Inc
> 906-494-2697/2434
>
> ------------------------------------------------------------------------
> [Excerpt from I-D at 'ftp://ftp.ietf.org/internet-drafts/',
> "AAA Authorization Architecture and Requirements", 06/22/1999,
> <draft-ietf-aaa-authorization-reqs-00.txt>]
>
> Abstract
>
> This memo serves as the base requirements for Authorization of
> Internet Resources and Services (AIRS). It presents an architectural
> framework for understanding the authorization of Internet resources
> and services and derives requirements for authorization protocols.
> The authorization needs of several different applications are
> considered in a lengthy appendix.
>
>
> Table of Contents
>
> Status of this Memo ............................................ 1
> Copyright Notice ............................................... 2
> Abstract ....................................................... 2
> 1. Introduction ................................................ 3
> 2. Architecture ................................................ 4
>    2.1. Single Domain Case ..................................... 7
>         2.1.1. The Push Sequence ............................... 7
>         2.1.2. The Pull Sequence ............................... 8
>         2.1.3. The Indirect Sequence ........................... 9
>    2.2. Roaming ................................................ 10
>    2.3. Distributed Services ................................... 13
>    2.4. Combining Roaming and Distributed Services ............. 15
>    2.5. Use of Policy to Store Authorization Data .............. 16
>    2.6. Use of Attribute Certificates .......................... 18
>    2.7. Resource Management .................................... 21
>         2.7.1. Session Management .............................. 21
>         2.7.2. The Resource Manager ............................ 22
>    2.8. AAA Message Forwarding and Delivery .................... 24
>    2.9. End-to-End Security .................................... 25
>    2.10. Streamlined Authorization Process ..................... 26
>    2.11. Summary of the Architecture ........................... 26
> 3. Requirements for Authorization Protocol ..................... 27
>    3.1. Requirements for Authorization Attribute Handling ...... 27
>         3.1.1. Basic Requirements .............................. 27
>         3.1.2. Requirements for Attribute Certificates ......... 28
> 4. Security Considerations ..................................... 29
>    4.1. Security Considerations in Existing Systems ............ 29
>    4.2. Security Considerations of Proposed Architecture ....... 29
> Appendix -- Examples of Authorization Applications ............. 30
>    A.1. PPP Dialin with Roaming ................................ 30
>         A.1.1. Descriptive Model ............................... 30
>         A.1.2. Authorization Requirements ...................... 32
>    A.2. Mobile-IP .............................................. 32
>         A.2.1. Relationship to the Architecture ................ 35
>         A.2.2. Minimized Internet Traversal .................... 36
>         A.2.3. Key Distribution ................................ 36
>         A.2.4. Mobile-IP Authorization Requirements ............ 37
>    A.3. Bandwidth Broker ....................................... 38
>         A.3.1. Model Description ............................... 38
>         A.3.2. Components of the Two-Tier Model ................ 38
>         A.3.3. Identification of Contractual Relationships ..... 39
>              A.3.3.1. Single-Domain Case ....................... 39
>              A.3.3.2. Multi-Domain Case ........................ 40
>         A.3.4. Identification of Trust Relationships ........... 40
>         A.3.5. Communication Models and Trust .................. 43
>         A.3.6. Bandwidth Broker Communication Models ........... 44
>              A.3.6.1. Concepts ................................. 44
>              A.3.6.2. Bandwidth Broker Work Phases ............. 45
>              A.3.6.3. Inter-Domain Signalling .................. 45
>              A.3.6.4. Communication Architecture ............... 47
>              A.3.6.5. Two-Tier Inter-Domain Model .............. 48
>         A.3.7. Requirements .................................... 49
>    A.4. Internet Printing ...................................... 50
>         A.4.1. Trust Relationships ............................. 51
>         A.4.2. Use of Attribute Certificates ................... 52
>         A.4.3. IPP and the Authorization Descriptive Model ..... 53
>    A.5. Electronic Commerce .................................... 54
>         A.5.1. Model Description ............................... 55
>              A.5.1.1. Components ............................... 55
>              A.5.1.2. Contractual Relationships ................ 56
>              A.5.1.3. Trust Relationships ...................... 57
>              A.5.1.4. Communication Model ...................... 60
>         A.5.2. Multi Domain Model .............................. 62
>         A.5.3. Requirements .................................... 63
> Glossary ....................................................... 66
> References ..................................................... 67
> Authors' Addresses ............................................. 68
>
>