[Nsi-wg] Authorization in NSI

[John MacAuley]

Peoples,

Before Christmas I pulled together an NSI security omnibus capturing content from Han's AAI document and discussions we had been having on the mechanisms needed to convey security information in the NSI protocol.  In addition, I tried to capture the routing policy requirements we have been discussing so I could have a clear view of what issues we are trying to solve.  This lead to me writing a proposal for two solutions for the enforcement of end-to-end routing policy that require no changes to the existing CS protocol.

As we start preparing for the Washington meeting I have decided to break the document up into three (or four) slide packages for discussion/presentation.  I have attached the first of these slide packages.  This one deals with the fundamental principles of security in NSI, and the topic of end user Authorization.  Included in the slide package is the definition of an "originatingId" as agreed to in Uppsala last September.  It captures the identifier of the originating uRA and the identity of the requesting user/application.  In addition, it shows how end user authorization information can be generically included in the NSI header for use by end uPA.

Thank you,
John


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OGF_Authorization_in_NSI_v3.ppt
Type: application/vnd.ms-powerpoint
Size: 750592 bytes
Desc: not available
URL: <http://www.ogf.org/pipermail/nsi-wg/attachments/20150204/16643795/attachment-0001.ppt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1626 bytes
Desc: not available
URL: <http://www.ogf.org/pipermail/nsi-wg/attachments/20150204/16643795/attachment-0001.bin>