Diff: draft-irtf-aaaarch-generic-00.txt | draft-irtf-aaaarch-generic-01.txt
(changed text is shown as old | new; unchanged text is shown once)

INTERNET DRAFT                                               C. de Laat
draft-irtf-aaaarch-generic-00.txt | draft-irtf-aaaarch-generic-01.txt
                                                     Utrecht University
                                                               G. Gross
                                                    Lucent Technologies
                                                             L. Gommans
                                                 Cabletron Systems EMEA
                                                          J. Vollbrecht
                                                    Merit Network, Inc.
                                                              D. Spence
                                                    Merit Network, Inc.
                                              January 2000 | March 2000

                        Generic AAA Architecture

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [1].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   [skipping to change at page 2, line 24]

   of interconnected AAA servers.

Table of Contents

   Status of this Memo ............................................ 1
   Copyright Notice ............................................... 1
   Abstract ....................................................... 2
   1. Introduction ................................................ 3
   2. Generic AAA Architecture .................................... 4
      2.1. Architectural Components of a Generic AAA Server ....... 4
           2.1.1. Authorization Rule Evaluation ................... 4 | 5
           2.1.2. Application Specific Module (ASM) ............... 5
           2.1.3. Authorization Event Log ......................... 6
           2.1.4. Policy Repository ............................... 6
           2.1.5. Request Forwarding .............................. 6
      2.2. Generic AAA Server Model ............................... 6
           2.2.1. Generic AAA Server Interactions ................. 7
           2.2.2. Compatibility with Legacy Protocols ............. 7 | 8
           2.2.3. Interaction between the ASM and the Service ..... 8
           2.2.4. Multi-domain Architecture ....................... 9
      2.3. Model Observations ..................................... 10
      2.4. Suggestions for Future Work ............................ 11
   3. Layered AAA Protocol Model .................................. 12
      3.1. Elements of a Layered Architecture ..................... 13
           3.1.1. Service Layer Abstract Interface Primitives ..... 14
           3.1.2. Service Layer Peer End Point Name Space ......... 14
           3.1.3. Peer Registration, Discovery, and Location
                  Resolution ...................................... 14
   [skipping to change at page 3, line 10]

      3.5. AAA-TSM Service Layer Program Interface Primitives ..... 20
      3.6. AAA-TSM Layer End Point Name Space ..................... 21
      3.7. Protocol Stack Examples ................................ 21
   4. Security Considerations ..................................... 22
   Glossary ....................................................... 23
   References ..................................................... 23
   Authors' Addresses ............................................. 23
1. Introduction

   Old (-00):

   This memo grows from the work originally done by the authorization
   team of the AAA Working Group and now being carried on in the AAAarch
   Research Group.  The authorization team proposed an "AAA

   New (-01):

   The work for this memo was done by a group that originally was the
   Authorization subgroup of the AAA Working Group of the IETF.  When
   the charter of the AAA working group was changed to focus on MobileIP
   and NAS requirements, the AAAarch Research Group was chartered within
   the IRTF to continue and expand the architectural work started by the
   Authorization subgroup.  This memo is one of four which were created
   by the subgroup.  This memo is a starting point for further work
   within the AAAarch Research Group.  It is still a work in progress
   and is published so that the work will be available for the AAAarch
   subgroup and others working in this area, not as a definitive
   description of architecture or requirements.

   The authorization subgroup of the AAA Working Group proposed an "AAA
   Authorization Framework" [2] illustrated with numerous application
   examples [3] which in turn motivates a proposed list of authorization
   requirements [4].  This memo builds on the framework presented in [2]
   by proposing an AAA infrastructure consisting of a network of
   cooperating generic AAA servers communicating via a standard
   protocol.  The protocol should be quite general and should support
   the needs of a wide variety of applications requiring AAA
   functionality.  To realize this goal, the protocol will need to
   operate in a multi-domain environment with multiple service providers
   as well as entities taking on other AAA roles such as User Home

   [skipping to change at page 23, line 33]
   User Home Organization (UHO) -- An organization with whom the User
   has a contractual relationship which can authenticate the User and
   may be able to authorize access to resources or services.

References

   [1] Bradner, Scott, "The Internet Standards Process -- Revision 3",
       RFC 2026, BCP 9, October 1996.

   [2] Vollbrecht, John, et al, "AAA Authorization Framework",
       draft-irtf-aaaarch-authorization-framework-00.txt, January 2000 |
       draft-irtf-aaaarch-authorization-framework-01.txt, March 2000.

   [3] Vollbrecht, John, et al, "AAA Authorization Application
       Examples", draft-irtf-aaaarch-authorization-apps-00.txt, January
       2000 | draft-irtf-aaaarch-authorization-apps-01.txt, March 2000.

   [4] Vollbrecht, John, et al, "AAA Authorization Requirements",
       draft-irtf-aaaarch-authorization-reqs-00.txt, January 2000 |
       draft-irtf-aaaarch-authorization-reqs-01.txt, March 2000.

   [5] Blaze, Matt et al, "The KeyNote Trust-Management System Version
       2", RFC 2704, September 1999.
Authors' Addresses

   Cees T.A.M. de Laat
   Physics and Astronomy dept.
   Utrecht University
   Princetonplein 5,
   3584CC Utrecht
End of changes.  8 change blocks.  10 lines changed or deleted, 20 lines changed or added.

This html diff was produced by rfcdiff 1.48.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/