This shows you the differences between two versions of the page.
— |
dido:public:ra:xapend:xapend.b_stds:tech:ietf:2904 [2022/01/19 15:00] (current) nick created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== RFC2904 - AAA Authorization Framework ====== | ||
+ | [[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]] | ||
+ | |||
+ | <table> | ||
+ | <caption>Data sheet for RFC2904 AAA Authorization Framework (AAAA)</caption> | ||
+ | | Title | AAA Authorization Framework | | ||
+ | | Acronym | AAAA | | ||
+ | | Version | 2000 | | ||
+ | | Document Number | RFC2904 | | ||
+ | | Release Date | August 2000 | | ||
+ | | Reference | [[https://tools.ietf.org/html/rfc2904]] | | ||
+ | </table> | ||
+ | |||
+ | : **Note**: The following is an excerpt from the official IETF RFC. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference. | ||
+ | |||
+ | |||
+ | ===== Introduction ===== | ||
+ | This document is one of a series of three documents under | ||
+ | consideration by the AAAarch RG dealing with the authorization | ||
+ | requirements for AAA protocols. The three documents are: | ||
+ | |||
+ | * AAA Authorization Framework (this document) | ||
+ | * AAA Authorization Requirements | ||
+ | * AAA Authorization Application Examples | ||
+ | |||
+ | There is a demonstrated need for a common scheme which covers all | ||
+ | Internet services which offer Authorization. This common scheme will | ||
+ | address various functional architectures which meet the requirements | ||
+ | of basic services. We attempt to describe these architectures and | ||
+ | functions as a basis for deriving requirements for an authorization | ||
+ | protocol. | ||
+ | |||
+ | These architectures include Policy structures, Certificate | ||
+ | Authorities, Resource Managers, Inter-Domain and Multi-Domain | ||
+ | schemes, and Distributed Services. The requirements are for the | ||
+ | expected use of Authorization services across these architectures. | ||
+ | A representative set of applications that may use this architecture | ||
+ | to support their authorization needs is presented in [3]. The | ||
+ | examples in [3] show how this framework may be used to meet a wide | ||
+ | variety of different authorization needs. | ||
+ | |||
+ | We expect that this work may be extended in the future to a more | ||
+ | comprehensive model and that the scheme described here will be | ||
+ | incorporated into a framework that includes authentication, | ||
+ | accounting and auditing. We have referenced a number of | ||
+ | authorization sources, but also recognize that there may be some that | ||
+ | we have missed and that should be included. Please notify one of the | ||
+ | authors of any such oversight so it can be corrected in a future | ||
+ | revision. | ||
+ | |||
+ | In general, it is assumed that the parties who are participating in | ||
+ | the authorization process have already gone through an authentication | ||
+ | phase. The authentication method used by those parties is outside | ||
+ | the scope of this document except to the extent that it influences | ||
+ | the requirements found in a subsequent authorization process. | ||
+ | Likewise, accounting requirements are outside the scope of this | ||
+ | document other than recording accounting data or establishing trust | ||
+ | relationships during an authorization that will facilitate a | ||
+ | subsequent accounting phase. | ||
+ | |||
+ | The work for this memo was done by a group that originally was the | ||
+ | Authorization subgroup of the AAA Working Group of the IETF. When | ||
+ | the charter of the AAA working group was changed to focus on MobileIP | ||
+ | and NAS requirements, the AAAarch Research Group was chartered within | ||
+ | the IRTF to continue and expand the architectural work started by the | ||
+ | Authorization subgroup. This memo is one of four which were created | ||
+ | by the subgroup. This memo is a starting point for further work | ||
+ | within the AAAarch Research Group. It is still a work in progress | ||
+ | and is published so that the work will be available for the AAAarch | ||
+ | subgroup and others working in this area, not as a definitive | ||
+ | description of architecture or requirements. | ||
+ | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||
+ | /* To add a discussion page to this page, comment out the line that says | ||
+ | ~~DISCUSSION:off~~ | ||
+ | */ | ||
+ | ~~DISCUSSION:on|Outstanding Issues~~ | ||
+ | ~~DISCUSSION:off~~ | ||
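Review bot: the discussion macros at the end of the page conflict, because `~~DISCUSSION:on|Outstanding Issues~~` and `~~DISCUSSION:off~~` are both left active on consecutive lines. The comment above them says to comment out the `~~DISCUSSION:off~~` line to enable discussion, so keep only the one macro that matches the intended state. The comment block also opens with `/**=-=-...` and then a second `/*` before its single closing `*/`, so confirm it renders as a comment rather than as page text. Separately, the Introduction cites [3] twice but the excerpt has no reference list; add the entry or point readers to the references section of the RFC linked in the data sheet.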