Authentication, Authorization, Accounting (AAA) Technologies and Protocols

Authentication, Authorization and Accounting (AAA) is a framework for intelligently controlling access to computer network resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. The AAA is sometimes combined with auditing and accordingly becomes AAAA.

• Authentication refers to the process of validating the claimed identity of an end user or a device, such as a host, server, switch, router, and so on. Authentication is accomplished via the presentation of an identity and credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
• Authorization refers to the act of granting access rights to a user, groups of users, system, or a process, based on their authentication, what services they are requesting, and the current system state. Authorization may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user. Authorization determines the nature of the service which is granted to a user. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, QoS/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.
• Accounting refers to the methods to establish who, or what, performed a certain action, such as tracking user connection and logging system users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
• Auditing refers to an evaluation of an organization, system, process, project or product. Audits are performed to ascertain the validity and reliability of information, and also provide an assessment of a system's internal control.

There are many technologies and protocols defined to achieve the goals defined in the AAA (or AAAA) framework. Some of the AAA Technologies and Protocols are listed below:

• CHAP: Challenge Handshake Authentication Protocol
• DIAMETER Protocol: This protocol is designed to replace the RADIUS.
• EAP: Extensible Authentication Protocol
• Kerberos
• MS-CHAP (MD4)
• PAP: Password Authentication Protocol
• PEAP: Protected Extensible Authentication Protocol
• RADIUS: Remote Authentication Dial-In User Service

TACACS/TACACS+: Terminal Access Controller Access Control System
Authentication, Authorization, Accounting (AAA) Architecture

Authentication, Authorization, Accounting (AAA) Architecture