1.4. Generic AAA Architecture

We explained the three-party authentication model that deploys an AAA server, and throughout this chapter attempted to show why authentication, authorization, and accounting procedures should be performed by the same server: the AAA server. In the remainder of this chapter, we complete this discussion with a brief overview of the generic AAA architecture defined by a former subgroup of the AAA working group in the IETF. These activities later moved into the AAAArch group within the IRTF.

The AAAArch team defined a generic AAA architecture, documented in the experimental RFC 2903 [GENAAA2903], which specifies how the AAA architecture can interact with other network management entities. Each of these management entities provides a specific service or function, but because it relies on the AAA infrastructure, it is regarded as an application of that infrastructure (called an AAA application). Examples of such services or applications are bandwidth management, quality of service, and mobility services. The fact that RFC 2903 is an experimental RFC indicates that this specification provides guidance (rather than a standard) for how such architectures can be designed in the future. As we will see in later chapters, early AAA protocols such as RADIUS were not designed with such an architecture in mind. However, newer protocols such as Diameter are designed this way. Diameter has separate specifications for each application, and this is ...
