Authentication Authorisation Accounting Architecture Research Group (AAAARCH)

Concluded

Charter

A number of Internet Services require Authentication, Authorization, Accounting and Audit Support. The IETF AAA Working Group is chartered with defining short term requirements for a protocol that will support such services for NASREQ and MobileIP. The work of the IETF AAA group has shown that there are a number of areas where a AAA architecture would be helpful.

This RG will work to define a next generation

AAA architecture that incorporates a set of interconnected “generic” AAA servers and an application interface that allows Application Specific Modules access to AAA functions.

The architecture’s focus is to support AAA services that:

• can inter-operate across organizational boundaries
• are extensible yet common across a wide variety of Internet services
• enables a concept of an AAA transaction spanning many stakeholders
• provides application independent session management mechanisms
• contains strong security mechanisms that be tuned to local policies
• is a scalable to the size of the global Internet

This activity grows from the work of the authorization team of the IETF AAA Working Group. The authorization team has proposed an “AAA Authorization Framework” [2] illustrated with numerous application examples [3] which in turn motivates a proposed list of authorization requirements [4]. This RG will build on the Authorization framework presented in [2] and the “generic” AAA Authorization Architecture presented in [5]. It will also draw on the work of the Policy Framework Working Group as well as security and accounting working groups. It will also work to provide a reasonable transition from existing AAA protocols and from any “interim” protocol approved by the AAA working group.

This group will coordinate closely with the AAA WG and will report in each IETF AAA WG meeting.

Goals and Milestones

• develop generic AAA model by specifically including Authentication and Accounting
• develop auditability framework specification that allows the AAA system functions to be checked in a multi-organization environment
• develop a model for management of a “mesh” of interconnected AAA Servers
• describe interdomain issues using generic model
• define in a high level and abstract way the interfaces between the different components in the architecture
• define distributed AAA related policy framework
• develop an accounting model that allows authorization to define the type of accounting processing required for each session.
• implement a simulation model that allows experimentation with the proposed architecture
• work with RAP WG to develop an Authentication Information management model.
• work with GRID-Forum to align the security and AAA architectural ideas

References

1. Weinrib A, Postel J, “IRTF Research Group Guidelines and Procedures”, RFC 2014, BCP 8, October 1996.
2. J. Vollbrecht et al, “AAA Authorization Framework”, RFC 2904, Informational, August 2000.
3. J. Vollbrecht et al, “AAA Authorization Application Examples”, RFC 2905, Informational, August 2000.
4. S. Farrell et al, “AAA Authorization Requirements”, RFC 2906, Informational, August 2000.
5. C. de Laat et al, “Generic AAA Architecture”, RFC 2903, Experimental, August 2000
6. T. Zseby et al, “Policy-Based Accounting”, RFC 3334, Experimental, October 2002.

Membership

To join the group one is kindly asked to mail the chairs. We do adopt a open mailing list, all discussions will be on the mailing list mentioned above.

Chairs

John Vollbrecht (jrv@umich.edu) and Cees de Laat (cees@delaat.net)

AAAARCHRG closed down on 2004-10-18.