LIFPEAR: Light-weight Flexible Protocol to Exchange Accounting Records

Accounting relies on successful user authentication and authorization in a distributed system or federated environment. Once the access to a given resource is granted, resource usage has to be accounted in a reliable manner. The accounting process is composed by the exchange of "accounting information" between who monitor the resource usage and who store such information in a repository — possibly to start billing. The mentioned exchange of "accounting information" are accounting records that need to be built, exchanged between accounting clients/servers, and stored accordingly.

There are several Accounting Protocols, like RADIUS [4], Diameter [3], and TACACS [2]. However, since these protocols are robust protocols designed for Authentication, Authorization and Accounting (AAA) [5], employing such solutions in a fine-adjusted manner is technically and time-wise costly. Not mentioning that if users want to exchange accounting records in a reliable way, without high configuration efforts, these protocols are not considered to be slim and light-weight.

Therefore, focusing on the exchange of accounting records — being reliable at the same time — becomes the necessity. Thus, the respective design and implementation as well evaluation of such a protocol will be able to bridge this gap.

The work to be performed in this Bachelor Thesis will focus on the design, implementation, and evaluation of the LIFPEAR (Light-weight Flexible Protocol to Exchange Accounting Records). Such protocol was partially designed in the context of a project called Accounting and Monitoring of AAI Services (AMAAIS) [1].

The main goal of the LIFEPAR protocol is, as explicit in its name, to be light-weight and flexible at the same time, aiming to focus on the exchange accounting records in a reliable manner. These requirements are better described in the items below:

• Light-weight in the sense that it should transfer the minimal amount of data through the network to accomplish the exchange of accounting records.
• The flexibility is related to extensibility and adaptability. LIFPEAR should handle extensions in the future without redesign, as well as it should be adapted in any context that involves the exchange of accounting records.
• The protocol should be designed to work on the top of HTTP since (1) nowadays most networks allow HTTP traffic without configuring additional firewall rules, and (2) because HTTP is a request/response protocol that relies on TCP (having, for example, packet loss control).

References:

[1] Communication Systems Group, IFI, UZH: Accounting and Monitoring of AAI Services (AMAAIS). Available at : http://www.csg.uzh.ch/research/amaais. Last visit on Sept. 2010.   
[2] IETF RFC: An Access Control Protocol, Sometimes Called TACACS. Available at: http://www.ietf.org/rfc/rfc1492.txt. Last visit on Sept. 2010.
[3] IETF RFC: Diameter Base Protocol. Available at: http://www.ietf.org/rfc/rfc3588.txt. Last visit on Sept. 2010.
[4] IETF RFC: Remote Authentication Dial In User Service (RADIUS). Available at: http://www.ietf.org/rfc/rfc2865.txt. Last visit on Sept. 2010.
[5] C. Metz: AAA protocols: authentication, authorization, and accounting for the Internet, IEEE Internet Computing, Nov/Dec 1999, Vol. 3, No.6, pp.75-79. doi:10.1109/4236.807015