Leon Gommans
Leon Gommans∞ is member if the SNE group. He coordinates the research activities around Generic AAA.
He is working on optical networking where he researches the application of tokens (
TokenAuthorization framework) to authorize network elements using in- or out of band signalling.
Also he works on
AuthorizationConcepts based on RFC2904.
Concept definitions within the context of the Generic AAA framework (RFC2904)
Authorization
An
Authorization is the outcome of an
authorization decision made by an
authority.
Authority
An
authority is an entity that has been given the ability to take an
authorization decision based on some
formal arrangement with a
resource, a (group of-) users or another authority.
Authorization decision
An
authorization decision is a decision requested by an
authorization request. An authorization request retrieves a correspondig
driving policy that specifies
policy conditions to be met and
policy actions to be taken.
DrivingPolicy
A driving policy is a policy, consists of one or more if-then-else constructs where the conditional clauses defines
policy conditions and then and else clause contain another if-then-else construct or
policy actions.
Policy Condition
PolicyAction
Authorization request
An authorization request is an authorization message that contains attributes specifying the type of request with corresponding attributes needed to take an authorization decision.
Authorization result
An authorization result is an authorization message that contains the result of an authorization decisions. The authorization result may be either a simple result containing just an integer or boolean value, or may be a complex result if it contains more.
Authorization message
An authorization message is a message which is communicated via an
authorization communication channel.
Secure Authorization message
A secure authorization message is a message which has been cryptographically protected, such that it ensures message integrity and authenticity an possibly confidentiality. Security is based on trust, which is created by key material present on both the sending and receiving end of an authorization message. In managing trust, the key material is made available at both ends in a secure fashion. Trust management is outside the scope of Generic AAA and is assumed to be present.
Formal arrangement
Formal arrangements are used to define and establish
trust relations, such that authorities, users and resources may take part in an authorization sequence in an agreed fashion according to rules established by the formal arrangements.
Categories
CategoryUsers