A survey on AAA mechanisms, protocols, and architectures and a policy-based approach beyond: Ax

AAA, the Authentication, Authorization, and Accounting approach for dial-up connectivity of mobile users and devices, has reached a state of maturity, but only for a dedicated set of minor scenarios. While the commercialization of the Internet has led to a large variety of business models based on Internet technology, the demand for standardized and efficient solutions in support of reliable, secure, open, and flexible remote service access has increased. In addition to the traditional AAA approach, emerging support services, such as policy support, charging, pricing, and auditing for Internet services, are essential for a service provider that wants to offer a viable set of distributed data communication and content services. As discussed in this work, the existing work on an AAA Architecture still considers dedicated cases and lacks a scenario-independent and generic approach. Therefore, the approach termed the Ax Architecture is proposed to enable a generic and integrated, policy-based way of handling these support services, which a public service provider must offer for mobile as well as fixed users. This generic Ax Architecture is motivated by indicating basic areas of concern, discussing existing protocols, mechanisms, and data types, and developing the scope of the architecture and the major modules required for Ax. Driven by business model needs, but focused on the technical design and implementation only, the proposed work enables business cases as a top-level policy, charging as an economic policy, and QoS support for end-to-end services in the Internet.


[25]  John Strassner,et al.  Policy Framework Definition Language , 1998 .

[26]  Larry J. Blunk,et al.  PPP Extensible Authentication Protocol (EAP) , 1998, RFC.

[27]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[28]  Vijay Varadharajan,et al.  Tower: A Language for Role Based Access Control , 2001, POLICY.

[29]  David D. Clark,et al.  Policy routing in Internet protocols , 1989, RFC.

[30]  Dieter Gollmann,et al.  A fair non-repudiation protocol , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[31]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[32]  Rodolphe Ortalo,et al.  A Flexible Method for Information System Security Policy Specification , 1998, ESORICS.

[33]  David Mitton,et al.  Authentication, Authorization, and Accounting: Protocol Evaluation , 2001, RFC.

[34]  Markus Schumacher,et al.  Pay as you go-associating costs with Jini leases , 2000, Proceedings Fourth International Enterprise Distributed Objects Computing Conference. EDOC2000.

[35]  Van Jacobson,et al.  A Two-bit Differentiated Services Architecture for the Internet , 1999, RFC.

[36]  Jim Boyle,et al.  Accept-Ranges : bytes Content-Length : 55967 Connection : close Content-Type : text / plain Internet Draft , 2012 .

[37]  Geoffrey G. Xie,et al.  Network policy languages: a survey and a new approach , 2001, IEEE Netw..

[38]  Leon Gommans,et al.  AAA Authorization Application Examples , 2000, RFC.

[39]  Scott Shenker,et al.  Integrated Services in the Internet Architecture : an Overview Status of this Memo , 1994 .

[40]  Jari Arkko,et al.  DIAMETER Accounting Extension , 2001 .

[41]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[42]  Keith McCloghrie,et al.  COPS Usage for Policy Provisioning (COPS-PR) , 2001, RFC.

[43]  Charles E. Perkins,et al.  Mobile IP Authentication, Authorization, and Accounting Requirements , 2000, RFC.

[44]  Jari Arkko,et al.  Introduction to Accounting Management , 2000, RFC.

[45]  Avri Doria,et al.  COPS Usage for AAA , 2000 .

[46]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[47]  Zheng Wang,et al.  An Architecture for Differentiated Services , 1998, RFC.

[48]  Nevil Brownlee,et al.  Accounting Attributes and Record Formats , 2000, RFC.

[49]  Ion Stoica,et al.  Providing guaranteed services without per flow management , 1999, SIGCOMM '99.

[50]  Cengiz Alaettinoglu,et al.  Routing Policy Specification Language (RPSL) , 1998, RFC.

[51]  Peter Reichl,et al.  Management of differentiated services usage by the Cumulus pricing scheme and a generic Internet charging system , 2001, 2001 IEEE/IFIP International Symposium on Integrated Network Management Proceedings. Integrated Network Management VII. Integrated Management Strategies for the New Millennium (Cat. No.01EX470).