
Accessor Issues in the Access Bind PIB

Accessor Issues in the Access Bind PIB. Freek Dijkstra, Utrecht University, the Netherlands. Goal: make you familiar with the data structure of the Access Bind PIB, and make you aware of the dependency of the draft on other documents. Talk outline: introduction of keywords and physical model.


Presentation Transcript


  1. Accessor Issues in the Access Bind PIB. Freek Dijkstra, Utrecht University, the Netherlands

  2. Goal
     • Make you familiar with the data structure of the Access Bind PIB.
     • Make you aware of the dependency of the draft on other documents.
     Auth PIB Accessor Issues

  3. Talk Outline
     • Introduction of keywords and physical model.
     • Discuss how and when new sessions are created.
     • Explain how this is implemented in our model.
     • Describe the other drafts that our data structure refers to.
     • Conclusion.

  4. Device Names
     • USER = Requester of the services
     • PEP = Policy Enforcement Point (a NAD, Network Access Device, in AAA terminology)
     • PDP = Policy Decision Point (an AAA server)
     [Diagram: time sequence between USER, PEP and PDP; labels: Access request, Access notification, Access decision, Access PIB]

  5. Definitions
     • PEP = Policy Enforcement Point
     • PDP = Policy Decision Point
     • Sessions are created when an authentication dialogue starts
     • PIB = Policy Information Base
     • PRC, PRI, PRID = Part of PIB: Provisioning class, -instance, -identifier
     • Accessor = A table in our PIB

  6. Connection Steps
     • PEP notices user traffic/access request
     • Access request to PDP
     • Retrieve PEP knowledge about the user
     • Credential negotiation (not shown)
     • Provision PEP with policies
     • Access decision (approval or denial)
     • Access decision notification to user
     • Usage of service
     [Diagram: time sequence between USER, PEP and PDP]

  7. Capability Exchange
     [Diagram: time sequence between USER, PEP and PDP; labels: "Capabilities", "Behaviour", Access request, Access notification, Access decision, Access PIB]

  8. Accessor
     The Accessor table:
     • Is installed in the PEP by the PDP.
     • Specifies when a new session is created.
     • Specifies what information to send along with a new authentication request.
     • Specifies how to retrieve this information (using which authentication protocol: PAP, CHAP, EAP-MD5, EAP-TLS, etc.).

  9. PIB Datastructure
     [Diagram labels: Accessor, AccessorAuthProtocol, ContextData, Accessor Element, SessionScope, Filter, DataPath]

  10. PIB Datastructure
     [Same diagram, with the additional label AuthProtocol]

  11. PIB Datastructure
     [Same diagram, with the additional label AuthContext]

  12. PIB Datastructure
     [Same diagram, with the additional label ElmRef]

  13. PIB Datastructure
     [Same diagram, with the additional label ElementScope]

  14. PIB Datastructure
     [Diagram labels: Accessor, AccessorAuthProtocol, ContextData, Accessor Element, SessionScope, Filter, DataPath]

  15. Framework PIB Filters
     • IP filter
     • 802 filter
     • Internal label filter

  16. Conclusion
     • Our model is potentially powerful; it can support any kind of trigger to create new sessions.
     • We depend on other framework PIBs, which may or may not be sufficient. Some effort should go into those as well; that is out of scope of our draft, but in scope of the IETF in general.

  17. Freek Dijkstra, Utrecht University, the Netherlands

  18. [Diagram labels: PEP, 17.1.13.15, 17.5.8.1, 17.0.0.0/8, 17.1.2.4, meter, other meter]

  19. Example: Wireless

  20. Example: Dial-up

  21. Example: LAN

  22. Example: HTTP

  23. Example: Pizza phone orders
