[Access Control] Activity Kick-off
Hi all,
As you may recall, there was a presentation in London about providing
access control to IEs held by the Information Server. This was intended
to start addressing some concerns raised by operators about what
information is shared with whom.
After a chat with Vivek, we thought it might be easier to continue these
discussions on the 802.21 mailing list (hopefully interested Ambient
people will have signed up by now), so here is an e-mail to kick this
activity off.
The main implication of introducing support for Access Control seems to
be the following:
1) we need to include something in the query message that identifies the
user.
2) we need someway to verify the user identity
3) we need someway to distribute policies associated with that user to
the Information Server so it can decide what information it should send.
Options for 1):
- introduce a new user identity IE that is included in the request
messages
- make use of the current MIHF ID (although some reservations about this
option were expressed in London)
Options for 2):
This is quite a complicated issue, especially when you consider roaming
scenarios with multiple domains (as Raffaele discussed during his
presentation - 21-07-0035).
Possibly the simplest approach would be to reuse some, or all, of the
existing AAA infrastructure somehow, and limit the information the user
can access before authentication to a set of non-sensitive IEs..?
Otherwise we will end up trying to define our own authentication
procedures.
Options for 3):
Lots. But I'm not sure this is something that falls within the scope of
802.21?
Comments/opinions appreciated.
Thanks
Ele