Advanced authentication and authorization for quality of service signaling

One of the key requirements of today's and future network infrastructures is to provide Quality of Service (QoS) support for end-to-end applications, by distinguishing the application flows and properly handling them in network nodes. As an important component to achieve Internet QoS, explicit signaling schemes for resource reservation have been proposed, which deal with admission, installation and refreshment of QoS reservation state information. To be useful, any QoS signaling protocol should provide a capability for authentication and authorization of the QoS requests, especially in environments where the end points are not trusted by the network nodes. However, existing protocols for QoS signaling encounter a number of authentication and authorization issues, which limit their application scenarios. The advent of NSIS QoS Signaling Layer Protocol (QoS-NSLP) offers the prospect to overcome some of these issues. After describing the overall design of QoS-NSLP, we present an approach to support advanced authentication and authorization capabilities by using the Extensible Authentication Protocol (EAP). In comparison with existing approaches, this approach, combined with the support for effective interaction with the Authentication, Authorization and Accounting (AAA) infrastructure, provides flexible and extensible authentication and authorization methods for the QoS signaling.