A Stateless Network Architecture for Inter-Enterprise Authentication, Authorization and Accounting
نویسندگان
چکیده
Providing network infrastructure for authenti-cation, authorization and accounting (AAA) functionalities required by inter-enterprise business applications operating over the global Internet is a challenging problem. The infrastructure needs to support large numbers of clients and services, and also to provide secure resources sharing between applications and across organizations. This paper describes a scalable and secure network infrastructure architecture for inter-enterprise AAA services , called .TRUST. The architecture has two novel features: (1) it uses a stateless design for improved security and simplified system structures, and (2) it supports a resource-sharing infrastructure while allowing decentralized management. To illustrate the use of the .TRUST architecture, the paper considers three application examples for which laboratory prototypes have been implemented .
منابع مشابه
Enterprise Wireless Fidelity Implementations Using Port Based Network Access Control (IEEE 802.1X)
Enterprise Wireless Fidelity implementations have complicated requirements for Authentication, Authorization, Accounting (AAA) and detection of unauthorized access. Recent incidents show that unsecured implementations invite severe risk to enterprise network and data (especially for financial and critical sectors). In this paper a secure implementation is proposed which addresses most of the po...
متن کاملAuthentication, Authorization, and Accounting (AAA) Goals for Mobile IPv6
In commercial and enterprise deployments, Mobile IPv6 can be a service offered by a Mobility Services Provider (MSP). In this case, all protocol operations may need to be explicitly authorized and traced, requiring the interaction between Mobile IPv6 and the AAA infrastructure. Integrating the Authentication, Authorization, and Accounting (AAA) infrastructure (e.g., Network Access Server and AA...
متن کاملA new framework for GLIF Interdomain Resource Reservation Architecture (GIRRA)
Many existing and emerging Scientific highend applications (E-science) require end-to-end circuits interconnecting Grid resources for large data transfers. A few advanced networks, mainly National Research and Education Networks (NRENs), such as Surfnet, National Lambda Rail and Internet 2, now provide mechanisms for end-users to reserve and provision lightpaths via middleware referred to as Ne...
متن کاملInter-domain authorization and delegation for business-to-business e-commerce
Security exposures are viewed as a major impediment to the growth of electronic commerce over Internet. The main requirement of inter-enterprise communications is the verification of the role granted by a company to each individual instead of the authentication of individuals based on their universal names as provided by X509 digital ID’s. We depict in this paper an original mechanism for role-...
متن کاملAuthentication, Authorization and Mobility in Openflow-enabled Enterprise Wireless Networks
Large-scale 802.11 wireless networks may benefit from Openflow deployment on its Access Points and other forwarding devices combined with centralized management of data flows on an Openflow controller. The reason is that services such as authentication or routing can be provided in an easier way and more efficiently when operating on a full view of the network rather than dealing with distribut...
متن کامل