Chapter 6
AAA on the Internet
6.1 Authentication, Authorization, and Accounting
The term AAA has traditionally been used to refer to Authentication, Authorization, and Accounting activities. All of these activities are of crucial importance for the operation of an IP network, although typically they are not very visible to the end user.
The importance of AAA functions lies in the fact that they provide the required protection and control in accessing a network. As a consequence, the administrator of the network can bill the end user for services used. By services we mean any type of service related to network access, such as high bandwidth, provision of routing services, gateway services, etc.
Before we proceed with this chapter, let us agree on a common terminology.
Authentication. This is the act of verifying the identity of an entity (subject).
Authorization. This is the act of determining whether a requesting entity (subject) will be allowed access to a resource (object) (e.g., network access, a certain amount of bandwidth, etc.).
Accounting. This is the act of collecting information on resource usage for the purposes of capacity planning, auditing, billing, or cost allocation.
All of these concepts are intimately linked. For instance, it is not feasible to record the usage of a resource when the entity (subject) using the resource (object) is not yet known. Therefore, in order to account for the usage of a resource, the entity has to be authenticated. ...