QoS NSLP Authorization Issues (draft-tschofenig-nsis-qos-authz-issues-00.txt) - PowerPoint PPT Presentation

Slides: 9
Provided by: HannesTs8
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes


1
QoS NSLP Authorization Issues (draft-tschofenig-nsis-qos-authz-issues-00.txt)
  • Authors
  • H. Tschofenig
  • H. Schulzrinne
  • M. Buechli
  • S. Van den Bosch
  • T. Chen

2
Background / History
  • At the 55th IETF Steve Bellovin talked about
    security issues in NSIS.
  • He pointed to the importance of authorization for
    an NSIS protocol.
  • As a result we worked on the NSIS AAA draft to
    capture the details (see
    draft-tschofenig-nsis-aaa-issues-01.txt).
  • The draft has not received the necessary
    attention due to problems with the terminology
    (e.g. the term AAA is, by many, associated with
    the AAA working group).

3
Why the new draft?
  • The new QoS NSLP Authorization Issues draft
    does not replace the NSIS AAA draft.
  • It has a different focus and describes the
    problem from a different point of view.
  • It is shorter.
  • It is more abstract.
  • It raises short and precise questions.
  • The questions demand some answers.

4
Applicability Statement
  • Draft addresses only authorization issues for QoS
    NSLPs.
  • Authorization for NAT/firewall traversal is
    covered in the NSIS-Midcom Problem Statement and
    Framework draft.
  • The draft primarily addresses the problems of
    User-to- authorization.
  • Authorization handling for intra-domain signaling
    is, in general, different.
  • Work is also important for the RSVP Security
    Properties draft
  • What does RSVP offer? What is required?

5
Question 1: What information should be used to
compute the authorization decision?
  • Price
  • (price of the end-to-end QoS reservation)
  • QoS objects
  • (based on the QoS resource request)
  • Policy rules
  • (e.g. time of day, subscription to certain
    services, membership, etc.)

6
Question 2: How long is the authorization
decision valid?
  • Per request
  • (e.g. a request for more QoS resources than
    previously requested)
  • Per session
  • (e.g. only during the initial setup of a QoS
    resource)
  • Periodically
  • (authorization decision is repeated after a
    certain time interval)
  • Event triggered
  • (as soon as something changes e.g. price
    change due to mobility)

7
Question 3: Which entity should be involved in
the authorization decision?
  • This is actually a more difficult question. It is
    necessary to read the draft (see two-party vs.
    three-party scenarios).
  • Example: A mobile host is attached to a visited
    network.
  • Should an authorization request always travel
    to the user's home network? i.e.
  • Should the user's home network always be
    involved in the authorization decision?
  • Should the mobile host (or user) always
    participate in this exchange? (three-party
    exchange)

8
Summary and Next Steps
  • Authorization is an important aspect for a QoS
    NSLP.
  • It must be considered when new features (e.g.
    proxy behavior) are introduced.
  • The approach chosen for authorization will
    heavily influence mobility performance.
  • Some decisions have to be made and documented.
  • How should the QoS authorization document be handled?
  • Separate document?
  • Incorporated into the QoS NSLP document(s)?