Authentication, Authorization and Accounting (aaa)

NOTE: This charter is a snapshot of the . It may now be out-of-date.

Last Modified: 2006-01-10

Chair(s):

Bernard Aboba <bernarda@microsoft.com>
David Mitton <david@mitton.com>
John Loughney <john.loughney@nokia.com>

Operations and Management Area Director(s):

Bert Wijnen <bwijnen@lucent.com>
David Kessens <david.kessens@nokia.com>

Operations and Management Area Advisor:

Bert Wijnen <bwijnen@lucent.com>

Mailing Lists:

General Discussion: aaa-wg@merit.edu
To Subscribe: majordomo@merit.edu
In Body: subscribe aaa-wg
Archive: http://www.merit.edu/mail.archives/aaa-wg/

Description of Working Group:

The Authentication, Authorization and Accounting Working Group
focused on the development of requirements for Authentication,
Authorization and Accounting as applied to network access.
Requirements were gathered from NASREQ, MOBILE IP, and ROAMOPS
Working Groups as well as TIA 45.6. The AAA WG then solicited
submission of protocols meeting the requirements, and evaluated
the submissions.

This incarnation of the AAA Working Group will focus on development
of an IETF Standards track protocol, based on the DIAMETER submission.

In this process, it is to be understood that the IETF does not function
as a rubber stamp. It is likely that the protocol will be changed
significantly during the process of development.

The immediate goals of the AAA working group are to address the
following issues:

- Clarity. The protocol documents should clearly describe the contents
  of typical messages and the requirements for interoperability.

- Error messages. The protocol should define categories of error
  messages, enabling implementations to respond correctly based on the
  category. The set of error messages should cover the full range of
  operational problems.

- Accounting. The accounting operational model should be described for
  each type of network access.

- IPv6. The protocol must include attributes in support of IPv6
  network access and must be transportable over IPv6.

- Transport. The protocol should be transport independent and must
  define at least one mandatory-to-implement transport mapping. Other
  transport mappings may also be defined. All transport mappings must
  effectively support congestion control.

- Explicit proxy support. The protocol should offer explicit support
  for proxies, including support for automated message routing, route
  recording, and (where necessary) path hiding.

- RADIUS compatibility. The protocol should provide improved RADIUS
  backward compatibility in the case where only RADIUS attributes are
  used or where RADIUS proxies or servers exist in the path.

- Security. The protocol should define a lightweight data object
  security model that is implementable on NASes.

- Data model. The proposal should offer logical separation between the
  protocol and the data model and should support rich data types.

- MIBs. A MIB must be defined, supporting both IPv4 and IPv6 operation.

Goals and Milestones:

Done  Submission of requirements document as an Informational RFC.
Done  Submission of evaluation document as an Informational RFC.
Done  Submission of design team recommendations on protocol improvements.
Done  Incorporation of design team recommendations into protocol submission.
Done  Submission of AAA Transport as a Proposed Standard RFC
Done  Submission of Diameter Base as a Proposed Standard RFC
Done  Submission of Diameter NASREQ as a Proposed Standard RFC
Done  Submission of Diameter EAP as a Proposed Standard RFC
Done  Submission of Diameter Credit Control as a Proposed Standard RFC
Done  Submission of Diameter SIP application as a Proposed Standard RFC

Internet-Drafts:

  • draft-ietf-aaa-diameter-sip-app-11.txt

Request For Comments:

  RFC      Status    Title
  RFC2924  I         Accounting Attributes and Record Formats
  RFC2975  I         Introduction to Accounting Management
  RFC2989  I         Criteria for Evaluating AAA Protocols for Network Access
  RFC3127  I         Authentication, Authorization, and Accounting: Protocol Evaluation
  RFC3539  PS        Authentication, Authorization and Accounting (AAA) Transport Profile
  RFC3588  PS        Diameter Base Protocol
  RFC4004  Standard  Diameter Mobile IPv4 Application
  RFC4005  Standard  Diameter Network Access Server Application
  RFC4006  Standard  Diameter Credit-Control Application
  RFC4072  Standard  Diameter Extensible Authentication Protocol (EAP) Application