Generic AAA Architecture
RFC 2903
| Field | Value |
|---|---|
| Type | RFC - Experimental (August 2000; no errata) |
| Was | draft-irtf-aaaarch-generic (individual) |
| Authors | George Gross, Cees de Laat, David Spence, Leon Gommans, John Vollbrecht |
| Last updated | 2013-03-02 |
| Stream | Legacy stream |
| IESG state | RFC 2903 (Experimental) |
Network Working Group                                         C. de Laat
Request for Comments: 2903                            Utrecht University
Category: Experimental                                          G. Gross
                                                     Lucent Technologies
                                                              L. Gommans
                                                 Enterasys Networks EMEA
                                                           J. Vollbrecht
                                                               D. Spence
                                                Interlink Networks, Inc.
                                                             August 2000

                        Generic AAA Architecture

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This memo proposes an Authentication, Authorization, Accounting (AAA)
   architecture that would incorporate a generic AAA server along with
   an application interface to a set of Application Specific Modules
   that could perform application specific AAA functions.  A separation
   of AAA functions required in a multi-domain environment is then
   proposed using a layered protocol abstraction.  The long term goal is
   to create a generic framework which allows complex authorizations to
   be realized through a network of interconnected AAA servers.

de Laat, et al.               Experimental                      [Page 1]

Table of Contents

   1. Introduction ................................................ 2
   2. Generic AAA Architecture .................................... 4
      2.1. Architectural Components of a Generic AAA Server ....... 4
           2.1.1. Authorization Rule Evaluation ................... 4
           2.1.2. Application Specific Module (ASM) ............... 5
           2.1.3. Authorization Event Log ......................... 6
           2.1.4. Policy Repository ............................... 6
           2.1.5. Request Forwarding .............................. 6
      2.2. Generic AAA Server Model ............................... 6
           2.2.1. Generic AAA Server Interactions ................. 7
           2.2.2. Compatibility with Legacy Protocols ............. 7
           2.2.3. Interaction between the ASM and the Service ..... 9
           2.2.4. Multi-domain Architecture ....................... 10
      2.3. Model Observations ..................................... 10
      2.4. Suggestions for Future Work ............................ 11
   3. Layered AAA Protocol Model .................................. 12
      3.1. Elements of a Layered Architecture ..................... 14
           3.1.1. Service Layer Abstract Interface Primitives ..... 14
           3.1.2. Service Layer Peer End Point Name Space ......... 14
           3.1.3. Peer Registration, Discovery, and Location
                  Resolution ...................................... 14
           3.1.4. Trust Relationships Between Peer End Points ..... 14
           3.1.5. Service Layer Finite State Machine .............. 15
           3.1.6. Protocol Data Unit Types ........................ 15
      3.2. AAA Application Specific Service Layer ................. 15
      3.3. Presentation Service Layer ............................. 16
      3.4. AAA Transaction/Session Management Service Layer ....... 17
      3.5. AAA-TSM Service Layer Program Interface Primitives ..... 20
      3.6. AAA-TSM Layer End Point Name Space ..................... 21
      3.7. Protocol Stack Examples ................................ 22
   4. Security Considerations ..................................... 22
   Glossary ....................................................... 23
   References ..................................................... 24
   Authors' Addresses ............................................. 24
   Full Copyright Statement ....................................... 26

1. Introduction

   The work for this memo was done by a group that originally was the
   Authorization subgroup of the AAA Working Group of the IETF.  When
   the charter of the AAA working group was changed to focus on MobileIP
   and NAS requirements, the AAAarch Research Group was chartered within
   the IRTF to continue and expand the architectural work started by the
   Authorization subgroup.  This memo is one of four which were created
   by the subgroup.  This memo is a starting point for further work
   within the AAAarch Research Group.  It is still a work in progress