Interdomain access control with policy routing

An internetwork consists of heterogeneous domains managed under different administrative authorities. For secure interdomain resource sharing, it is necessary to implement an interdomain access control (IAC) protocol to regulate traffic flow between end-to-end domains and among transit domains. Control of traffic flow in transit domains is closely related to network packet routing protocols. Therefore, when designing an IAC protocol, it is logical to integrate the protocol with the underlying network routing facilities. This paper proposes two IAC protocols: KIAC (Key-based IAC) and TIAC (Ticket-based IAC). Both protocols are built on top of the IDPR (Inter-Domain Policy Routing) suggested by RFC 1479 (M. Steenstrup, 1993). The implementation of KIAC requires each domain to maintain a session key database for forwarding data packets. The TIAC protocol is an enhancement of KIAC to reduce storage requirements. The overhead complexities of the two protocols are analyzed