48th IETF
Pittsburgh, Pennsylvania, U.S.A.

Authentication, Authorization, and Accounting Architecture (AAAarch)
Research Group

Chairs: Cees de Laat
        John Vollbrecht

Meeting report prepared by: David Spence

The AAA Architecture (AAAarch) Research Group met Wednesday August 2, 2000, during the 48th IETF in Pittsburgh, Pennsylvania, U.S.A. The meeting convened at 3:30 p.m.

Agenda:

John Vollbrecht     5 : Agenda bashing, FNT and opening remarks
Farrell, Salowey   20 : authentication framework
Ed Ellesson        15 : presentation on policy
Henry Sinnreich    10 : SIP
Theodore Havinis   15 : SIP
Georg Carle         7 : Accounting Issues
Tanja Zseby         8 : Examples for policy-based Accounting in AAA Framework
Bob Morgan         15 : Middleware, I2 and AAA
Nevil Brownlee      5 : update on session ID thinking
John Vollbrecht    15 : discussion of direction and structure of future work
John Vollbrecht     5 : General concluding remarks, collect blue sheets, recognizable by pink color
                  ===
                  120

1. Agenda bashing and opening remarks -- John Vollbrecht

John Vollbrecht opened the meeting by welcoming everyone.

2. AAAarch Authentication Schemes -- Stephen Farrell, Joe Salowey

Stephen Farrell and Joe Salowey presented work they did in collaboration with John Vollbrecht and Standish Stewart to establish an authentication framework and tie it in with the authorization framework developed previously.

Stephen Farrell explained the work of the authentication team. The team is analyzing existing authentication schemes, creating models, and matching them up with the authorization models. He described the factors considered and showed basic block diagrams for several models involving a user, an application, and an application AAA server.

Joe Salowey presented more specific models illustrating how the Kerberos authentication system might be modeled. He presented several different push and pull models, including interdomain models.

3. Policy Framework Status -- Ed Ellesson

Next, Ed Ellesson, one of the co-chairs of the Policy Framework WG, presented an overview of the work of the Policy Framework WG. He described the objectives of the working group and listed the other groups with which they work, both within and outside the IETF. He then gave a brief overview of the policy framework shared between the Policy Framework and Resource Allocation Protocol (RAP) Working Groups. He defined a policy as consisting of policy rules which, in turn, consist of policy conditions and policy actions. He concluded with a summary of working group work items and deliverables.

The discussion following the presentation ranged from interdomain issues to the relatively static nature of policy.

4. AAA Usage for IP Telephony with QoS -- Henry Sinnreich

Henry Sinnreich began his presentation by citing the Internet Drafts:

   draft-sinnreich-aaa-interdomain-sip-qos-osp-00.txt
   draft-johnston-sip-osp-token-00.txt

His presentation explained and elaborated on the work in the first of the drafts, "AAA Usage for IP Telephony with QoS". He presented a model showing the entities involved in interdomain SIP and the communication required to authenticate, authorize, and account for the SIP calls.

The discussion following the presentation focused on the trust relationships between the various entities.

5. How can AAA Infrastructure Support Services and Applications in Roaming Architectures -- Theodore Havinis

Theodore Havinis' presentation discussed issues in applying AAA to SIP in a 3G mobile environment with roaming. He considered both end-user and network-to-network authentication, and considered the use of an AAA infrastructure for key distribution and the possible piggybacking of SIP registration information. He concluded by describing three different modes of operation for network-to-network authentication and security: in-band, out-of-band, and transparent.

6. Policy-based Accounting: Accounting Issues -- Georg Carle

Georg Carle presented work he did jointly with Sebastian Zander. He discussed the following issues concerning policy-based accounting: flexibility, outsourcing, abstraction (the desire to use a variety of metering devices while hiding heterogeneity), the interaction of accounting with authentication and authorization, privacy, and scalability and efficiency. He presented slides depicting a policy-based accounting architecture.

7. Examples for Policy-based Accounting in the AAA Framework -- Tanja Zseby

Tanja Zseby began her presentation by positioning the policy-based accounting work being done at GMD Fokus against other important accounting papers. She next presented two detailed accounting examples. The first was for a diffserv service with integrated accounting. The second example showed discrete accounting. She concluded by listing the remaining work items in the field of policy-based accounting.

8. General concluding remarks, collect pink sheets -- John Vollbrecht

There will possibly be an interim meeting Sept. 28-29 in Berlin hosted by GMD Fokus.

The meeting concluded at 5:30 p.m.

* * * * *

For more information on the work of the AAA Architecture Research Group, see the RG web page at:

   http://www.phys.uu.nl/~wwwfi/aaaarch

An email list archive with frames can be found at:

   http://www.fokus.gmd.de/glone/research/aaaarch/

A plain text version of the entire email archive can be downloaded from:

   http://www.fokus.gmd.de/glone/research/mail-archive/aaaarch-current
   ftp://ftp.fokus.gmd.de/pub/glone/mail-archive/aaaarch-current