AAAARCH Research Group A grammar for Policies in a generic AAA Environment <draft-ietf-aaaarch-generic-policy-00.txt>

Grammar requirements
Support for:
• Local and remote policy references. Distributed policies.
• ASM calls (Application Specific Modules).
• Arithmetic and Boolean expressions.
• Variables (AVPs, Attribute Value Pairs).
• Access to return values (AVPs) from ASM calls and policy references.
• Add return values (AVPs) to a response.

Policy
    if ( Condition ) then ( ActionList ) else ( ActionList )
A policy has a TRUE or FALSE value.
A policy can be part of the Condition (Boolean expression).
A policy can be used as an Action (conditional Action).
A compound policy is a nested if-then-else structure.

Return list
The return list of a Policy, PolicyRef or ASMCall is a list of at least one element.
Head of the list is TRUE or FALSE.
All other elements are AVPs.

Condition
• Arbitrary Boolean expression.
• Literal ::= Bool | BoolVar | ComputedBoolean
            | Policy
            | {Source "=" }? BooleanProcedure
• BooleanProcedure ::= PolicyRef | ASMCall

    if (
        Query = getPassword( STRING Request.UserID )
        &&
        STRING Request.PassW == STRING Query.PassW
    ) then ( … ) else ( … )

Nested policy
    if ( exists Request.Bandwidth && INT Request.Bandwidth >= 10 ) then (
        if ( INT Request.Bandwidth <= 500 ) then (
            …
        ) else (
            AVP error = “Requested bandwidth too large.”
        )
    ) else (
        AVP error = “Requested bandwidth too small.”
    )
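
The password condition and the nested bandwidth policy above, modelled as an added Python example that is not part of the slides or of the draft: it evaluates if/then/else policies into a return list whose head is TRUE/FALSE and whose remaining elements are AVPs. Assumptions: a policy's value is taken to be the value of its Condition; `get_password`, the user table, the `granted` AVP, the "Authentication failed." message, the constant-time comparison and the chaining of the bandwidth policy as the login policy's action are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Policy:                      # if ( cond ) then ( then ) else ( orelse )
    cond: Callable[[dict], bool]
    then: list = field(default_factory=list)    # ActionList
    orelse: list = field(default_factory=list)  # ActionList

def evaluate(policy, env):
    """Return list: head is TRUE/FALSE, every other element is an AVP."""
    ok = bool(policy.cond(env))    # assumption: policy value = condition value
    avps = []
    for action in (policy.then if ok else policy.orelse):
        if isinstance(action, Policy):           # policy used as an Action
            avps += evaluate(action, env)[1:]
        else:                                    # (name, value): add return AVP
            avps.append(action)
    return [ok, *avps]

def bind(env, source, return_list):
    """{Source "="}? BooleanProcedure: store returned AVPs, yield the head."""
    head, *avps = return_list
    env[source] = dict(avps)
    return head

USERS = {"alice": "s3cret"}        # constructed sample data

def get_password(user_id):         # hypothetical ASM call
    return [True, ("PassW", USERS[user_id])] if user_id in USERS else [False]

bandwidth = Policy(
    cond=lambda e: "Bandwidth" in e["Request"] and e["Request"]["Bandwidth"] >= 10,
    then=[Policy(cond=lambda e: e["Request"]["Bandwidth"] <= 500,
                 then=[("granted", True)],   # stands in for the elided "…"
                 orelse=[("error", "Requested bandwidth too large.")])],
    orelse=[("error", "Requested bandwidth too small.")],
)

login = Policy(   # `and` short-circuits: Query.PassW is read only after a TRUE call
    cond=lambda e: bind(e, "Query", get_password(e["Request"]["UserID"]))
    and hmac.compare_digest(e["Request"]["PassW"].encode(), e["Query"]["PassW"].encode()),
    then=[bandwidth],              # assumption: chain the nested policy as the action
    orelse=[("error", "Authentication failed.")],
)

def decide(request):
    return evaluate(login, {"Request": request})
```

Under the stated assumption the head reports only the outermost Condition, so an oversized bandwidth request from an authenticated user yields a TRUE head followed by an `error` AVP; a consumer of the return list has to inspect the AVPs as well as the head.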

Policy language
Language: L1 and L2
Mapping: L2 = f( L1 ) and L1 = f^-1( L2 )
L2: XML ( DTD (Document Type Definition) )
Pushed policies.
Tools to construct policies.