B. Martins, D. M. F. Mattos, N. Fernandes, D. Muchaluat-Saade, A. Vieira, E. F. Silva
Title: An Extensible Access Control Architecture for Software Defined Networks based on X.812
Venue: 2019 IEEE Latin-American Conference on Communications (LATINCOM)
Publication date: 2019-11-01
DOI: https://doi.org/10.1109/LATINCOM48065.2019.8937972
Citations: 0
Abstract
The software-defined networking paradigm adds flexibility to network management because it allows policies to be applied at a fine-grained flow level. However, the traditional definition of a flow disregards user identification credentials. Thus, identity management in software-defined networking is a current challenge. In this paper, we propose an access control architecture for software-defined networking, based on the ITU X.812 standard and implemented on the AuthFlow authentication framework. The proposed architecture integrates AuthFlow with an attribute repository that maps network policies to user attributes. The proposal supports integration with identity federation, and we evaluate it under a role-based access control model. The evaluated use case is a service differentiation policy according to the role of each user. The evaluation results demonstrate the correct application of the quality of service according to the role of the flow target user.