50th IETF BURP BOF, March 20, 2001
Applicability of a User Registration Protocol
Yoshihiro Ohba (Toshiba America Research, Inc.), Henry Haverinen (Nokia)
Access control issue (1): Managed access control
L2 access control basically provides "all-or-nothing" access control
Simple and useful for some cases (DSL, Cable)
Flexible access control would also be useful in certain cases (network access in public areas), e.g.,
Allow any user to get access to a web site within the edge subnet to get local area guide information
Deny unauthorized users access beyond the edge subnet
Access control issue (2): Multi-homing
A host may associate with multiple Access Routers (ARs)
If all ARs belong to the same AAA domain, performing AAA per AR may not be a good idea
If each AR belongs to a different AAA domain, AAA per AR would be necessary
These ARs may speak IPv4 only, IPv6 only, or both.
A host may have multiple interfaces
If all interfaces belong to the same AAA domain, performing AAA per interface may not be a good idea
[Figure: hosts (H) and access routers (AR1, AR2)]
AAA application protocol issue
AAA application protocols: MIP, SIP, ...
Each protocol design started without AAA (base spec.)
Later on, AAA interaction is considered
Fortunately, no modification is needed for the base spec. in terms of the last two 'A's (good for modularity)
Need consideration to deal with the first 'A'
How to establish an SA with an "out of the blue" client?
MIPv4 has an AAA extension to carry registration keys
It would be very nice if a protocol could be "AAA-ready" without any modification to its base spec.
Coupling user registration with key distribution
BURP (Basic User Registration Protocol)
Is a client-server type protocol that
Performs user registration to the visiting AAA domain
Works with Diameter/RADIUS, leveraging AAA infrastructure in the network based on the information gathered in the registration phase
Is a light-weight, application layer protocol that is applicable
To various devices (e.g., PDA, cellular, laptop) without modifying kernel or device drivers
To flexible access control
To multi-homing environments
Is also used for key distribution for AAA application protocols
Thank you!
Example of BURP applicability to SIP
Step 1: The user performs user registration by using BURP
Step 2: If step 1 is successful, authorization information is pulled from the AAA infrastructure.
The information includes application-specific items such as a SIP registration key
Also, access control parameters will be set on access routers
Step 3: The user runs SIP.
Thanks to the previous steps, authentication for SIP registration can be done without contacting AAA.
(The example can be applied to other protocol "X" by replacing "SIP" with "X".)
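An added sketch of the three steps above, not taken from the original slides or from any BURP specification. The class names, the HMAC-SHA256 tag, the nonce-based replay check and the sample credentials are all assumptions made for illustration; the point shown is that the SIP server verifies a registration with the pre-distributed key while the AAA contact counter does not change.

```python
import hashlib
import hmac
import secrets

# Hypothetical names and message format; the slides define none of these.
def sip_tag(key, user, contact, nonce):
    """MAC over a SIP registration (assumed scheme: HMAC-SHA256)."""
    msg = b"|".join([user.encode(), contact.encode(), nonce])
    return hmac.new(key, msg, hashlib.sha256).digest()

class AAA:
    """Stand-in for the Diameter/RADIUS infrastructure in the core network."""
    def __init__(self, users):
        self.users = users          # constructed sample credentials
        self.contacts = 0           # how many times AAA was consulted

    def authorize(self, user, password):
        self.contacts += 1
        if not hmac.compare_digest(self.users.get(user, b""), password):
            return None
        # Application-specific authorization info: a SIP registration key.
        return {"sip_registration_key": secrets.token_bytes(32)}

class SIPServer:
    def __init__(self):
        self.keys, self.seen = {}, set()

    def register(self, user, contact, nonce, tag):
        """Step 3: verified locally with the installed key, no AAA call."""
        key = self.keys.get(user)
        if key is None or (user, nonce) in self.seen:
            return False            # unregistered user or replayed message
        if not hmac.compare_digest(sip_tag(key, user, contact, nonce), tag):
            return False
        self.seen.add((user, nonce))
        return True

class BURPServer:
    def __init__(self, aaa, sip_server):
        self.aaa, self.sip = aaa, sip_server

    def register_user(self, user, password):
        """Steps 1 and 2: authenticate the user, pull the key, install it."""
        info = self.aaa.authorize(user, password)
        if info is None:
            return None
        self.sip.keys[user] = info["sip_registration_key"]
        # Returned to the client; assumed to travel over a protected channel.
        return info["sip_registration_key"]
```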
[Figure: User Terminal, BURP Server, SIP Server/Proxy, and AAA infrastructure in the core network, with arrows numbered 1 to 3 for the steps above]
Possible architecture
[Figure: architecture diagram. Labels: User Terminal; Network; BURP Client; SIP Client; Mobile IP Mobile Node; L2 Auth. Client; BURP Server (Registration Agent); SIP Server; Mobile IP Mobility Agent; AR/AP; AAA Protocol Entity (Diameter/RADIUS); Basic Part of Each Application Protocol (independent of AAA); BURP messages; AAA info. (incl. registration keys)]