Chapter 7
AAA in the IMS
Authentication and authorization are generally linked in the IMS. In contrast, accounting is a separate function executed by different nodes. For this reason, we describe authentication and authorization separately from accounting. Section 7.1 discusses authentication and authorization, and Section 7.4 discusses accounting.
7.1 Authentication and Authorization in the IMS
Figure 7.1 shows the IMS architecture for performing authentication and authorization functions. There are three interfaces over which authentication and authorization actions are performed (namely the Cx, Dx, and Sh interfaces).
The Cx interface is specified between a Home Subscriber Server (HSS) and either an I-CSCF or an S-CSCF. When a home network contains more than one HSS, a Subscription Locator Function (SLF) is needed to help the I-CSCF or S-CSCF determine which HSS stores the data for a given user. The Dx interface connects an I-CSCF or S-CSCF to an SLF running in Diameter redirect mode.
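The SLF lookup over Dx, as an added example that is not from the book: a CSCF-side parser that reads a Diameter redirect answer and accepts the Redirect-Host only if it names an HSS the home network already knows. The AVP codes and result code come from RFC 3588 and the command code and application ID from the 3GPP Cx/Dx specifications; the function names, host names, sample message and the allow-list check are assumptions made for illustration.

```python
import struct

# Constants from RFC 3588; host names and the sample answer are constructed.
RESULT_CODE, REDIRECT_HOST = 268, 292   # AVP codes
REDIRECT_INDICATION = 3006              # DIAMETER_REDIRECT_INDICATION
VENDOR_FLAG = 0x80                      # AVP 'V' bit: 4-byte Vendor-Id present

def avp(code, data, flags=0x40):  # encode one AVP (no Vendor-Id), padded to 4 bytes
    length = 8 + len(data)
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * (-length % 4))

def message(cmd, app_id, avps, flags):  # 20-byte header followed by the AVPs
    body = b"".join(avps)
    return (b"\x01" + (20 + len(body)).to_bytes(3, "big") + bytes([flags])
            + cmd.to_bytes(3, "big") + struct.pack("!III", app_id, 1, 1) + body)

def parse_avps(msg):
    """Return [(code, data)] for every AVP, rejecting inconsistent lengths."""
    if len(msg) < 20 or msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg):
        raise ValueError("bad Diameter header")
    out, pos = [], 20
    while pos < len(msg):
        if pos + 8 > len(msg):
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", msg, pos)
        length = int.from_bytes(msg[pos + 5:pos + 8], "big")
        hdr = 12 if flags & VENDOR_FLAG else 8
        if length < hdr or pos + length > len(msg):
            raise ValueError("bad AVP length")
        out.append((code, msg[pos + hdr:pos + length]))
        pos += length + (-length % 4)
    return out

def hss_from_slf_answer(msg, known_hss):
    """Return the HSS an SLF redirect answer points to, only if it is a known one."""
    avps = parse_avps(msg)
    results = [struct.unpack("!I", d)[0] for c, d in avps if c == RESULT_CODE and len(d) == 4]
    if results != [REDIRECT_INDICATION]:
        raise ValueError("not a redirect answer")
    for code, data in avps:
        if code == REDIRECT_HOST and data.decode("ascii", "replace") in known_hss:
            return data.decode("ascii")
    raise ValueError("redirect names no known HSS")

# Constructed answer: 300/16777216 = 3GPP Cx/Dx User-Authorization; 0x20 = 'E' bit.
KNOWN_HSS = {"aaa://hss1.home.example:3868", "aaa://hss2.home.example:3868"}
ANSWER = message(300, 16777216, [avp(RESULT_CODE, struct.pack("!I", 3006)),
                                 avp(REDIRECT_HOST, b"aaa://hss2.home.example:3868")], 0x20)
```

After a successful lookup the CSCF would send its Cx request to the returned HSS; a redirect that names a host outside the known set is rejected rather than followed.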
The Sh interface is specified between an HSS and either a SIP Application Server or an OSA Service Capability Server (for a complete description of the different types of Application Server in the IMS, see Section 5.8.2).
On all of these interfaces, the protocol used between any two nodes is Diameter (specified in RFC 3588 [96]) with an application tailored to the IMS. Such a Diameter application defines new Diameter command ...