Authentication, authorization, and accounting (AAA) is a security architecture for distributed distributed systems, which enables control over which users are allowed access to which services, and how much of the resources they have used.
The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
After authentication, a user must gain authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.
The final process is accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.
Reference:
http://searchsecurity.techtarget.com/definition/authentication-authorization-and-accounting
http://en.wikipedia.org/wiki/AAA_protocol
Reference:
http://searchsecurity.techtarget.com/definition/authentication-authorization-and-accounting
http://en.wikipedia.org/wiki/AAA_protocol
After reading your post on Authentication, Authorization and Accounting, I have a better understanding on the steps and process of how AAA grant users access and what type of access could be grant. Apart from granting access, I also understand that AAA provides logging which can be use for different purposes such as billing, auditing, analysis and future planning activities.
ReplyDeleteAfter reading your post on AAA, I understand how each A does its own work and what are the functions it does. Thank you for your good post.
ReplyDeleteThe light is shining on me after I've read this post.