IPP> IETF AAA WG discusses IPP Authorization in I-D

Manros, Carl-Uno B cmanros at cp10.es.xerox.com
Tue Jul 27 20:55:27 EDT 1999


Ira,

I downloaded this document and looked at it. The part about IPP is talking
about the print-by-reference case, which is still unsolved. Whoever wrote
this part seems to have understood the security requirements for
print-by-reference pretty well and outlines three possible ways of meeting
them. I am quite happy with the text so far. 

Unfortunately, this is only a requirements document; what we need is actual
security solutions, but I am happy to register that they at least seem to
have understood the problem correctly, which is a good start.

Carl-Uno

> -----Original Message-----
> From: Ira McDonald [mailto:imcdonal at sdsp.mc.xerox.com]
> Sent: Tuesday, July 27, 1999 8:10 AM
> To: ipp at pwg.org
> Subject: IPP> IETF AAA WG discusses IPP Authorization in I-D
> 
> 
> 
> Hi folks,                                   Tuesday (27 July 1999)
> 
> This I-D comes from the IETF's AAA WG last month.  The following excerpt
> will show why we ALL should have been reading this document sooner:
> 
> [Excerpt from I-D at 'ftp://ftp.ietf.org/internet-drafts/',
> "AAA Authorization Architecture and Requirements", 06/22/1999, 
> <draft-ietf-aaa-authorization-reqs-00.txt>]
> 
> Table of Contents
>    Appendix -- Examples of Authorization Applications ...........   30
>       A.4. Internet Printing ....................................   50
>            A.4.1. Trust Relationships ...........................   51
>            A.4.2. Use of Attribute Certificates .................   52
>            A.4.3. IPP and the Authorization Descriptive Model ...   53
> 
> IPP folks interested in either security or notification/statistics NEED
> to look at this document.  These folks have an IETF chartered working
> group addressing AAA in a comprehensive fashion.  Their recent I-Ds:
> 
> "Roamops Authentication/Authorization Requirements", 03/23/1999,
> <draft-ietf-aaa-roamops-auth-req-00.txt>
> 
> "AAA Authorization Architecture and Requirements", 06/22/1999,
> <draft-ietf-aaa-authorization-reqs-00.txt>
> 
> "Mobile IP Authentication, Authorization, and Accounting Requirements",
> 06/30/1999, <draft-ietf-aaa-mobile-ip-req-00.txt>
> 
> Cheers,
> - Ira McDonald
>   High North Inc
>   906-494-2697/2434
> 
> ------------------------------------------------------------------------
> [Excerpt from I-D at 'ftp://ftp.ietf.org/internet-drafts/',
> "AAA Authorization Architecture and Requirements", 06/22/1999,
> <draft-ietf-aaa-authorization-reqs-00.txt>]
> 
> Abstract
> 
>    This memo serves as the base requirements for Authorization of
>    Internet Resources and Services (AIRS).  It presents an architectural
>    framework for understanding the authorization of Internet resources
>    and services and derives requirements for authorization protocols.
>    The authorization needs of several different applications are
>    considered in a lengthy appendix.
> 
> 
> Table of Contents
> 
>    Status of this Memo ..........................................    1
>    Copyright Notice .............................................    2
>    Abstract .....................................................    2
>    1. Introduction ..............................................    3
>    2. Architecture ..............................................    4
>       2.1. Single Domain Case ...................................    7
>            2.1.1. The Push Sequence .............................    7
>            2.1.2. The Pull Sequence .............................    8
>            2.1.3. The Indirect Sequence .........................    9
>       2.2. Roaming ..............................................   10
>       2.3. Distributed Services .................................   13
>       2.4. Combining Roaming and Distributed Services ...........   15
>       2.5. Use of Policy to Store Authorization Data ............   16
>       2.6. Use of Attribute Certificates ........................   18
>       2.7. Resource Management ..................................   21
>            2.7.1. Session Management ............................   21
>            2.7.2. The Resource Manager ..........................   22
>       2.8. AAA Message Forwarding and Delivery ..................   24
>       2.9. End-to-End Security ..................................   25
>       2.10. Streamlined Authorization Process ...................   26
>       2.11. Summary of the Architecture .........................   26
>    3. Requirements for Authorization Protocol ...................   27
>       3.1. Requirements for Authorization Attribute Handling ....   27
>            3.1.1. Basic Requirements ............................   27
>            3.1.2. Requirements for Attribute Certificates .......   28
>    4. Security Considerations ...................................   29
>       4.1. Security Considerations in Existing Systems ..........   29
>       4.2. Security Considerations of Proposed Architecture .....   29
>    Appendix -- Examples of Authorization Applications ...........   30
>       A.1. PPP Dialin with Roaming ..............................   30
>            A.1.1. Descriptive Model .............................   30
>            A.1.2. Authorization Requirements ....................   32
>       A.2. Mobile-IP ............................................   32
>            A.2.1. Relationship to the Architecture ..............   35
>            A.2.2. Minimized Internet Traversal ..................   36
>            A.2.3. Key Distribution ..............................   36
>            A.2.4. Mobile-IP Authorization Requirements ..........   37
>       A.3. Bandwidth Broker .....................................   38
>            A.3.1. Model Description .............................   38
>            A.3.2. Components of the Two-Tier Model ..............   38
>            A.3.3. Identification of Contractual Relationships ...   39
>                 A.3.3.1. Single-Domain Case .....................   39
>                 A.3.3.2. Multi-Domain Case ......................   40
>            A.3.4. Identification of Trust Relationships .........   40
>            A.3.5. Communication Models and Trust ................   43
>            A.3.6. Bandwidth Broker Communication Models .........   44
>                 A.3.6.1. Concepts ...............................   44
>                 A.3.6.2. Bandwidth Broker Work Phases ...........   45
>                 A.3.6.3. Inter-Domain Signalling ................   45
>                 A.3.6.4. Communication Architecture .............   47
>                 A.3.6.5. Two-Tier Inter-Domain Model ............   48
>            A.3.7. Requirements ..................................   49
>       A.4. Internet Printing ....................................   50
>            A.4.1. Trust Relationships ...........................   51
>            A.4.2. Use of Attribute Certificates .................   52
>            A.4.3. IPP and the Authorization Descriptive Model ...   53
>       A.5. Electronic Commerce ..................................   54
>            A.5.1. Model Description .............................   55
>                 A.5.1.1. Components .............................   55
>                 A.5.1.2. Contractual Relationships ..............   56
>                 A.5.1.3. Trust Relationships ....................   57
>                 A.5.1.4. Communication Model ....................   60
>            A.5.2. Multi Domain Model ............................   62
>            A.5.3. Requirements ..................................   63
>    Glossary .....................................................   66
>    References ...................................................   67
>    Authors' Addresses ...........................................   68
> 
> 


