AAA protocol

Authentication, authorization, and accounting (AAA) is a framework used to control and track access within a computer network. Authentication is concerned with proving identity, authorization with granting permissions, and accounting with maintaining a continuous and robust audit trail via logging. Common network protocols providing this functionality include TACACS+, RADIUS (C. Rigney, S. Willens, A. Rubens, W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", IETF RFC 2865, June 2000), and Diameter (P. Calhoun, J. Loughney, E. Guttman, G. Zorn, J. Arkko, "Diameter Base Protocol", IETF RFC 3588, September 2003; Sasu Tarkoma, "Mobile Middleware: Architecture, Patterns and Practice", John Wiley and Sons, 2009, pp. 248–251).


Disambiguation

In some related but distinct contexts, the term AAA has been used to refer to protocol-specific information. For example, Diameter uses the URI scheme AAA, which also stands for "Authentication, Authorization and Accounting", as well as the Diameter-based Protocol AAAS, which stands for "Authentication, Authorization and Accounting with Secure Transport". These protocols were defined by the Internet Engineering Task Force in RFC 6733 and are intended to provide an AAA framework for applications, such as network access or IP mobility in both local and roaming situations. However, the AAA paradigm is used more widely in the computer security industry.
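
The `aaa://` and `aaas://` schemes mentioned above have a small grammar in RFC 6733 (section 4.3.1). As an added example, not part of the original article, this Python code parses that grammar, applies the RFC's defaults (port 3868 for `aaa`, 5658 for `aaas`, TCP, Diameter) and flags peer entries configured without transport security; the hostnames and the `audit_peers` helper are hypothetical.

```python
import re
from dataclasses import dataclass

# RFC 6733 4.3.1: ("aaa://" / "aaas://") FQDN [":" port] [";transport=" t] [";protocol=" p]
_URI = re.compile(
    r"(?P<scheme>aaas?)://"
    r"(?P<fqdn>[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?:;transport=(?P<transport>tcp|sctp|udp))?"
    r"(?:;protocol=(?P<protocol>diameter|radius|tacacs\+))?"
)

@dataclass(frozen=True)
class DiameterURI:
    secure: bool      # True for aaas:// (TLS/DTLS), False for aaa://
    fqdn: str
    port: int
    transport: str
    protocol: str

def parse_diameter_uri(uri: str) -> DiameterURI:
    m = _URI.fullmatch(uri.strip().lower())
    if not m:
        raise ValueError(f"not a valid DiameterURI: {uri!r}")
    secure = m["scheme"] == "aaas"
    # RFC defaults: 3868 without transport security, 5658 with it.
    port = int(m["port"]) if m["port"] else (5658 if secure else 3868)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    transport, protocol = m["transport"] or "tcp", m["protocol"] or "diameter"
    if protocol == "diameter" and transport == "udp":
        raise ValueError("UDP must not be used with protocol=diameter")
    return DiameterURI(secure, m["fqdn"], port, transport, protocol)

def audit_peers(uris):
    """Return (uri, finding) for peers that are malformed or lack transport security."""
    findings = []
    for uri in uris:
        try:
            peer = parse_diameter_uri(uri)
        except ValueError as exc:
            findings.append((uri, f"rejected: {exc}"))
            continue
        if not peer.secure:
            findings.append((uri, "aaa:// scheme: no transport security"))
    return findings

# Constructed sample peer list; hostnames are hypothetical.
SAMPLE_PEERS = ["aaas://h-aaa.home.example", "aaa://v-aaa.visited.example;transport=sctp",
                "aaa://b-aaa.crx.example;transport=udp", "http://h-aaa.home.example"]
```

Calling `audit_peers(SAMPLE_PEERS)` reports the three entries after the first: one plaintext peer and two rejected URIs.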


Usage of AAA servers in CDMA networks

AAA servers in CDMA data networks are entities that provide Internet Protocol (IP) functionality to support the functions of authentication, authorization and accounting. The AAA server in the CDMA wireless data network architecture is similar to the HLR in the CDMA wireless voice network architecture. Types of AAA servers include the following:

* Access Network AAA (AN-AAA): Communicates with the RNC in the Access Network (AN) to enable authentication and authorization functions to be performed at the AN. The interface between AN and AN-AAA is known as the A12 interface.
* Broker AAA (B-AAA): Acts as an intermediary to proxy AAA traffic between roaming partner networks (i.e., between the H-AAA server in the home network and V-AAA server in the serving network). B-AAA servers are used in CRX networks to enable CRX providers to offer billing settlement functions.
* Home AAA (H-AAA): The AAA server in the roamer's home network. The H-AAA is similar to the HLR in voice. The H-AAA stores user profile information, responds to authentication requests, and collects accounting information.
* Visited AAA (V-AAA): The AAA server in the visited network from which a roamer is receiving service. The V-AAA in the serving network communicates with the H-AAA in a roamer's home network. Authentication requests and accounting information are forwarded by the V-AAA to the H-AAA, either directly or through a B-AAA.

Current AAA servers communicate using the RADIUS protocol. As such, TIA specifications refer to AAA servers as RADIUS servers. While at one point it was expected that Diameter was to replace RADIUS, that has not happened. Diameter is largely used only in the mobile (3G/4G/5G) space, and RADIUS is used everywhere else. The behavior of AAA servers (RADIUS servers) in the CDMA2000 wireless IP network is specified in TIA-835.


See also

* Layer 8
* Computer access control

