AAA protocol

AAA protocol

In computer security, AAA stands for “authentication, authorization and accounting”. The AAA is sometimes combined with auditing and accordingly becomes AAAA.

; Authentication : Authentication refers to the process of establishing the digital identity of one entity to another entity. Commonly one entity is a client (a user, a client computer, etc.) and the other entity is a server (computer). Authentication is accomplished via the presentation of an identity and its corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).

; Authorization : Authorization refers to the granting of specific types of privileges (including "no privilege") to an entity or a user, based on their authentication, what privileges they are requesting, and the current system state. Authorization may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user. Most of the time the granting of a privilege constitutes the ability to use a certain type of service. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, QoS/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.

; Accounting : Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.

Requirements

* RFC 2194 Review of Roaming Implementations
* RFC 2477 Criteria for Evaluating Roaming Protocols
* RFC 2881 Network Access Server Requirements Next Generation (NASREQNG) NAS Model
* RFC 2903 Generic AAA Architecture
* RFC 2904 AAA Authorization Framework
* RFC 2905 AAA Authorization Application Examples
* RFC 2906 AAA Authorization Requirements
* RFC 3169 Criteria for Evaluating Network Access Server Protocols
* RFC 3539 AAA Transport Profile
* RFC 1234 AAA Transport Profile

List of AAA Protocols

* RADIUS
* Diameter
* TACACS
* TACACS+

Other protocols used in combination with the above:
* PPP
* EAP
* PEAP
* LEAP
* LDAP

Usage of AAA servers in CDMA data networks

AAA servers in CDMA data networks are entities that provide Internet Protocol (IP) functionality to support the functions of authentication, authorization and accounting. The AAA server in the CDMA wireless data network architecture is similar to the HLR in the CDMA wireless voice network architecture.

Types of AAA servers include the following::*Access Network AAA (AN-AAA) – Communicates with the RNC in the Access Network (AN) to enable authentication and authorization functions to be performed at the AN. The interface between AN and AN-AAA is known as the A12 interface. :*Broker AAA (B-AAA) – Acts as an intermediary to proxy AAA traffic between roaming partner networks (i.e., between the H-AAA server in the home network and V-AAA server in the serving network). B-AAA servers are used in CRX networks to enable CRX providers to offer billing settlement functions. :*Home AAA (H-AAA) – The AAA server in the roamer's home network. The H-AAA is similar to the HLR in voice. The H-AAA stores user profile information, responds to authentication requests, and collects accounting information.:*Visited AAA (V-AAA) – The AAA server in the visited network from which a roamer is receiving service. The V-AAA in the serving network communicates with the H-AAA in a roamer's home network. Authentication requests and accounting information are forwarded by the V-AAA to the H-AAA, either directly or through a B-AAA.

Current AAA servers communicate using the RADIUS protocol. As such, TIA specifications refer to AAA servers as RADIUS servers. However, future AAA servers are expected to use a successor protocol to RADIUS known as Diameter.

The behavior of AAA servers (RADIUS servers) in the CDMA2000 wireless IP network is specified in TIA-835.

External links

* [http://tools.ietf.org/wg/aaa/ The webpage of the Authentication, Authorization and Accounting IETF working group]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • AAA — or Triple A may just mean something that is high quality, premier, or excellent, or be a three letter acronym. As a proper word Aaa, in the English language it is only found in the name of the Aaa Water Treader ( Cavaticovelia aaa ), a true bug… …   Wikipedia

  • Diameter (protocol) — Internet protocol suite Application layer BGP DHCP DNS FTP HTTP …   Wikipedia

  • Internet Group Management Protocol with Access Control (IGMP-AC) — The Internet Group Management Protocol with Access Control (IGMP AC) has been designed for incorporating AAA functionalities in the existing IP multicast model. It will enforce authentication and authorization of an end user or receiver before… …   Wikipedia

  • Hypertext Transfer Protocol — HTTP Persistence · Compression · HTTPS Request methods OPTIONS · GET · HEAD · POST · PUT · DELETE · TRACE · CONNECT Header fields Cookie · ETag · Location · Referer DNT · …   Wikipedia

  • Extensible Authentication Protocol — Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point to Point connections. It is defined in RFC 3748, which has been updated by RFC 5247. Although the EAP protocol is… …   Wikipedia

  • Lightweight Directory Access Protocol — (LDAP) est à l origine un protocole permettant l interrogation et la modification des services d annuaire. Ce protocole repose sur TCP/IP. Il a cependant évolué pour représenter une norme pour les systèmes d annuaires, incluant un modèle de… …   Wikipédia en Français

  • Network News Transfer Protocol — The Network News Transfer Protocol (NNTP) is an Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications. Brian Kantor of the… …   Wikipedia

  • File Transfer Protocol — Pour les articles homonymes, voir FTP. File Transfer Protocol Fonction Transfert de fichier Sigle F …   Wikipédia en Français

  • Hypertext Transfer Protocol — Fonction Transmission d hypertexte Sigle HTTP Date de création 1990 …   Wikipédia en Français

  • Extensible Messaging and Presence Protocol — Fonction Messagerie instantanée Sigle XMPP Port 5222 RFC …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”