This paper highlights the concepts and results of our research, leading to demonstrations during the period 2005-2007 to develop a flexible and simple access control model, and corresponding support tools to provision multi-domain optical network resources on demand. We introduce the general network resources provisioning model that extends the Generic AAA Authorisation sequences for multi-domain scenarios, and explain how token based access control and policy enforcement can be used during the provisioned resource access. To build a solid conceptual foundation for the proposed token, based access control, the paper revisits existing token definition and proposes a new definition in the context of our research. We subsequently show the use of tokens during different stages of the lightpath provisioning process. The paper identifies and describes two major scenarios in multidomain lightpath provisioning: the chain and tree approaches. The proposed token concept allows a simple combination of access control enforcement at different networking layers: the packet layer, the path layer, and the service layer. We end with a brief description of a few demonstrations that proves the proposed concepts and illustrates its acceptance by a wider networking community.
展开▼
