Authentication, Authorization and Accounting (AAA)

Authentication, Authorization and Accounting (AAA)

AAA enables control over which users are allowed access to which services, and how much of the resources they have used. The network protocol that provides this function is the RADIUS protocol. Another network that also provides the same function is the newer Diameter. The three are all important and play their own role.

Authentication

This is the process where identity is authenticated. This is usually done by providing evidence that it holds a specific digital identity. Some of these types of credentials include passwords and digital certificates.

Authorization

The authorization portion is the one that determines whether a particular entity is authorized to perform a given activity. This can be determined based on different range of restrictions. One example may be physical location restriction. This means if the user is gaining access from a particular location, the user may not get access. Another restriction may be against multiple access by the same entity or user.

Accounting

Accounting refers to the tracking of network resource consumption by user for the use of capacity and trend analysis, cost allocation or billing. In may also record events such as authentication and authorization failures. This part will show the failed attempts at logging in to the system, place etc.

The information gathered during accounting is the identity of the user or other entity, the nature of the service delivered, when the service began, and when it ended, and if there is a status to report.

http://en.wikipedia.org/wiki/AAA_protocol

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/rad_tac_phase.html