Browse Prior Art Database

Generic AAA Architecture (RFC2903)

IP.com Disclosure Number: IPCOM000005085D
Original Publication Date: 2000-Aug-01
Included in the Prior Art Database: 2001-Aug-15
Document File: 27 page(s) / 61K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. de Laat: AUTHOR [+5]

Abstract

This memo proposes an Authentication, Authorization, Accounting (AAA) architecture that would incorporate a generic AAA server along with an application interface to a set of Application Specific Modules that could perform application specific AAA functions. A separation of AAA functions required in a multi-domain environment is then proposed using a layered protocol abstraction. The long term goal is to create a generic framework which allows complex authorizations to be realized through a network of interconnected AAA servers.

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group C. de Laat Request for Comments: 2903 Utrecht University Category: Experimental G. Gross Lucent Technologies

L. Gommans Enterasys Networks EMEA J. Vollbrecht

D. Spence Interlink Networks, Inc.

August 2000

Generic AAA Architecture

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This memo proposes an Authentication, Authorization, Accounting (AAA) architecture that would incorporate a generic AAA server along with an application interface to a set of Application Specific Modules that could perform application specific AAA functions. A separation of AAA functions required in a multi-domain environment is then proposed using a layered protocol abstraction. The long term goal is to create a generic framework which allows complex authorizations to be realized through a network of interconnected AAA servers.

de Laat, et al. Experimental [Page 1]

RFC 2903 Generic AAA Architecture August 2000

Table of Contents

1. Introduction ................................................ 2 2. Generic AAA Architecture .................................... 4 2.1. Architectural Components of a Generic AAA Server ....... 4 2.1.1. Authorization Rule Evaluation ................... 4 2.1.2. Application Specific Module (ASM) ............... 5 2.1.3. Authorization Event Log ......................... 6 2.1.4. Policy Repository ............................... 6

2.1.5. Request Forwarding .............................. 6 2.2. Generic AAA Server Model ............................... 6 2.2.1. Generic AAA Server Interactions ................. 7 2.2.2. Compatibility with Legacy Protocols ............. 7 2.2.3. Interaction between the ASM and the Service ..... 9

2.2.4. Multi-domain Architecture ....................... 10 2.3. Model Observations ..................................... 10

2.4. Suggestions for Future Work ............................ 11 3. Layered AAA Protocol Model .................................. 12 3.1. Elements of a Layered Architecture ..................... 14 3.1.1. Service Layer Abstract Interface Primitives ..... 14 3.1.2. Service Layer Peer End Point Name Space ......... 14 3.1.3. Peer Registration, Discovery, and Location Resolution ............................................. 14 3.1.4. Trust Relationships Between Peer End Points ..... 14 3.1.5. Service Layer Finite State Machine .............. 15

3.1.6. Protocol Data Unit Types ........................ 15 3.2. AAA Application Specific Service Layer ................. 15 3.3. Presentation Service Layer ............................. 16 3.4. AAA Transaction/Session Mana...