- Authentication refers to the process of validating the claimed identity of an end user or a device, such as a host, server, switch, router, and so on. Authentication is accomplished via the presentation of an identity and credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
- Authorization refers to the act of granting access rights to a user, groups of users, system, or a process, based on their authentication, what services they are requesting, and the current system state. Authorization may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user. Authorization determines the nature of the service which is granted to a user. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, QoS/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.
- Accounting refers to the methods to establish who, or what, performed a certain action, such as tracking user connection and logging system users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
- Auditing refers to an evaluation of an organization, system, process, project or product. Audits are performed to ascertain the validity and reliability of information, and also provide an assessment of a system's internal control.
- CHAP: Challenge Handshake Authentication Protocol
- DIAMETER Protocol: This protocol is designed to replace RADIUS.
- EAP: Extensible Authentication Protocol
- Kerberos
- MS-CHAP (MD4)
- PAP: Password Authentication Protocol
- PEAP: Protected Extensible Authentication Protocol
- RADIUS: Remote Authentication Dial-In User Service
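
The authorization restrictions (time of day, multiple logins by the same user) and the accounting fields (identity, service, start, end) described above can be seen working together in a small sketch. This is an added example, not code from the original page; the `AAAServer` class, the user store and its policy fields are hypothetical, and all sample values are constructed.

```python
import hashlib
import hmac
from datetime import datetime

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store; names, policy fields and values are hypothetical.
USERS = {"alice": {"salt": b"constructed-salt", "pw": _hash("correct horse", b"constructed-salt"),
                   "hours": (8, 18), "max_sessions": 1, "service": "vpn"}}

class AAAServer:
    def __init__(self):
        self.active = {}      # session id -> open accounting record
        self.accounting = []  # closed records, kept for later delivery (batch accounting)
        self._next_id = 1

    def authenticate(self, user: str, password: str) -> bool:
        entry = USERS.get(user)
        # Hash even for unknown users so response time does not reveal valid names.
        candidate = _hash(password, entry["salt"] if entry else b"dummy")
        return entry is not None and hmac.compare_digest(candidate, entry["pw"])

    def authorize(self, user: str, now: datetime):
        policy = USERS[user]
        start, end = policy["hours"]
        if not start <= now.hour < end:  # time-of-day restriction
            return False, "outside permitted hours"
        if sum(r["user"] == user for r in self.active.values()) >= policy["max_sessions"]:
            return False, "concurrent login limit reached"
        return True, policy["service"]

    def login(self, user: str, password: str, now: datetime):
        if not self.authenticate(user, password):
            return None, "authentication failed"
        ok, detail = self.authorize(user, now)
        if not ok:
            return None, detail
        sid, self._next_id = self._next_id, self._next_id + 1
        # Accounting start: who, which service, when it began.
        self.active[sid] = {"user": user, "service": detail, "start": now, "end": None}
        return sid, detail

    def logout(self, sid: int, now: datetime) -> dict:
        record = self.active.pop(sid)
        record["end"] = now  # accounting stop: when the service ended
        self.accounting.append(record)
        return record
```

Authorization runs only after authentication succeeds, and its decision depends on current system state (the open sessions) as well as on the user's policy.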
Authentication, Authorization, Accounting (AAA) Architecture