1 / 15

Session ID

Session ID. Georg Carle, John Vollbrecht, Sebastian Zander , Tanja Zseby San Diego, December 2000. Overview. Binding Objectives Binding Concepts Related Work Requirements Session ID Generation Examples Summary. Binding Objectives.

myrna
Download Presentation

Session ID

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Session ID Georg Carle, John Vollbrecht, Sebastian Zander, Tanja Zseby San Diego, December 2000

  2. Overview • Binding Objectives • Binding Concepts • Related Work • Requirements • Session ID Generation • Examples • Summary San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  3. Binding Objectives • Authentication, Authorization and Accounting with the Service provisioning process (Service Session) • Accounting records (maybe generated by different hosts) which provide the accounting data for the services a user has used • Different service sessions that logically belong together Binding needed for Auditing and Accounting San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  4. Binding Objectives Session Auth Authoriz Service Usage Accounting Subsession 1 Subsession 2 Time San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  5. Binding Concepts • Hierarchical Binding: Subsession IDs are derived from supersession (e.g. key ring approach) • Peer-to-peer Binding: Two “equal” sessions without specifying hierarchy • Late Binding: Binding is not done during session lifetime but is created later if needed based on attributes (e.g. IP address, start time) San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  6. Related Work • RADIUS • DIAMETER • WWW based Services • RTSP • SIP • SDP/SAP San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  7. Requirements • Binding • Flexibility • Scalability • Session ID • Globally unique • Privacy • Security is important San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  8. Session ID Generation • Server generates ID during initial message exchange (e.g. authentication) • user and/or server specific information • time or increasing number • cryptographic hash • Simple scheme to create global unique ID: AAA ID + Service ID + Session ID • AAA ID: Global unique ID of the AAA server • Service ID: Identify a service at a AAA server • Session ID: Unique ID in the scope of the service San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  9. Example: VoD over Diffserv 1 ID: X ID: X Y User CP X (Content) X Y (Diffserv Access) Y TP 2 TP 1 Z (Diffserv) Z ID: Y ID: Z Z CP: Content Provider TP: Transport Provider San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  10. Example: VoD over Diffserv 2 ID: Y ID: Y Z User CP Y (Content) Z (Diffserv Access) X Y Z TP 2 TP 1 X (Diffserv) ID: X ID: X Z CP: Content Provider TP: Transport Provider San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  11. Example: VoD over Diffserv 3 ID: X ID: X Y , Z User CP X (Content) Y (Diffserv Access) Z V X W Z Y ID: V V (Diffserv) TP 2 TP 1 ID: V W Y W (Diffserv) ID: W Z TP 3 CP: Content Provider TP: Transport Provider San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  12. Example: VoD over Diffserv 3 • Auditing • auditing information is transferred to trusted server during session lifetime • binding is done when needed (i.e. audit request) user  audit_server: query X audit_server  CP: X ... audit_server  user: audit info X, Y, Z, V, W San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  13. Summary • Currently only AAAARCH internal draft • Terminology • Problem Statement • Related Work • Requirements • Examples • Number of open issues San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  14. The End San Diego IETF, December 2000: AAAARCH Meeting - Session ID

  15. Open Issues • How does this work with the different authorization models (RFC2904) • Do we need to encode session hierarchy in the session id? • More precise definitions (i.e. subsession) • Look at SIP, RTSP, SDP/SAP • More examples  rework existing concepts San Diego IETF, December 2000: AAAARCH Meeting - Session ID

More Related