Applicability of a user registration protocol


Applicability of a User Registration Protocol
Yoshihiro Ohba (Toshiba America Research, Inc.)
Henry Haverinen (Nokia)
50th IETF BURP BOF, March 20, 2001
Access control issue (1)
Managed access control
• L2 access control basically provides "all-or-nothing" access control
• Simple and useful for some cases (DSL, Cable)
• Flexible access control would also be useful in certain cases (network access in public areas), e.g.,
• Allow any user to access a web site within the edge subnet to get local area guide information
• Deny unauthorized users access beyond the edge subnet
Access control issue (2)
Multi-homing
• A host may associate with multiple Access Routers (ARs)
• If all ARs belong to the same AAA domain, performing AAA per AR may not be a good idea
• If each AR belongs to a different AAA domain, AAA per AR would be necessary
• These ARs may speak IPv4 only, IPv6 only, or both.
[Diagram labels: host H, access routers AR1 and AR2]
• A host may have multiple interfaces
• If all interfaces belong to the same AAA domain, performing AAA per interface may not be a good idea
[Diagram labels: host H, access router AR1]
AAA application protocol issue
• AAA application protocols: MIP, SIP, ...
• Each protocol design started without AAA (base spec.)
• Later on, AAA interaction is considered
• Fortunately, no modification is needed for the base spec.
in terms of the last two 'A's (good for modularity)
• Need consideration to deal with the first 'A'
• How to establish an SA with an "out of the blue" client?
• MIPv4 has an AAA extension to carry registration keys
• It would be very nice if a protocol can be "AAA-ready"
without any modification to its base spec.
• Coupling user registration with key distribution
BURP
(Basic User Registration Protocol)
• Is a client-server type protocol that
• Performs user registration to the visiting AAA domain
• Works with Diameter/RADIUS, leveraging AAA infrastructure
in the network based on the information gathered in the
registration phase
• Is a light-weight, application layer protocol that is applicable
• To various devices (e.g., PDA, cellular, laptop) without
modifying kernel or device drivers
• To flexible access control
• To multi-homing environments
• Is also used for key distribution for AAA application protocols
Thank you!
Example of BURP applicability to SIP
Step 1: The user performs user registration by using BURP.
Step 2: If step 1 is successful, authorization information is pulled from the AAA infrastructure.
• The information includes application-specific items such as a SIP registration key
• Also, access control parameters will be set on access routers
Step 3: The user runs SIP.
• Thanks to the previous steps, authentication for SIP registration can be done without contacting AAA.
(The example can be applied to another protocol "X" by replacing "SIP" with "X".)
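The three steps above, modelled as an added example; it is not code from the presentation or from any BURP specification. The class names, the HMAC-SHA256 proof of key possession, and the in-memory AAA stand-in are assumptions, since the slides do not define BURP's message format.

```python
import hashlib
import hmac
import secrets

def sip_register_tag(user, key, nonce):
    """Client-side proof of key possession (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, nonce + user.encode(), hashlib.sha256).digest()

class AAABackend:
    """Stand-in for the Diameter/RADIUS infrastructure (hypothetical model)."""
    def __init__(self, credentials):
        self._credentials = credentials  # user -> secret, constructed sample data
        self.contacts = 0                # number of times AAA was consulted

    def authenticate(self, user, secret):
        self.contacts += 1
        expected = self._credentials.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            return None
        # Authorization info returned on success includes an application-specific key.
        return {"sip_registration_key": secrets.token_bytes(32)}

class SIPServer:
    """Receives keys in step 2 and verifies SIP registrations locally in step 3."""
    def __init__(self):
        self._keys = {}

    def install_key(self, user, key):
        self._keys[user] = key

    def register(self, user, nonce, tag):
        key = self._keys.get(user)
        if key is None:
            return False  # user never completed BURP registration
        return hmac.compare_digest(sip_register_tag(user, key, nonce), tag)

class BURPServer:
    """Registration agent: authenticates via AAA, then distributes the key."""
    def __init__(self, aaa, sip_server):
        self._aaa, self._sip = aaa, sip_server

    def register(self, user, secret):
        info = self._aaa.authenticate(user, secret)   # step 1: user registration
        if info is None:
            return None
        key = info["sip_registration_key"]            # step 2: pulled from AAA
        self._sip.install_key(user, key)
        return key  # delivered to the client in the BURP exchange (assumed protected)
```

The contacts counter does not increase when SIPServer.register is called, which is the property step 3 relies on. In this model the caller supplies the nonce; a server-issued, single-use nonce would be needed to resist replay.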
[Figure: User Terminal, BURP Server, SIP Server/Proxy, and AAA infrastructure in the core network, with links numbered 1, 2 and 3]
Possible architecture
[Figure: architecture diagram. Labels recovered from the slide:
Network: AAA Protocol Entity (Diameter/RADIUS); BURP Server (Registration Agent); SIP Server; Mobile IP Mobility Agent; ...; AR/AP
User Terminal: BURP Client; SIP Client; Mobile IP Mobile Node; ...; L2 Auth. Client
Other labels: AAA Protocol Entity; BURP messages; AAA info. (incl. registration keys); Basic Part of Each Application Protocol (independent of AAA)]