dido:public:ra:xapend:xapend.b_stds:tech:ietf:2904
Differences
This shows you the differences between two versions of the page.
| — |
dido:public:ra:xapend:xapend.b_stds:tech:ietf:2904 [2022/01/19 15:00] (current) nick created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== RFC2904 - AAA Authorization Framework ====== | ||
| + | [[dido:public:ra:xapend:xapend.b_stds:tech:ietf:start| return to the IETF Standards ]] | ||
| + | |||
| + | <table> | ||
| + | <caption>Data sheet for RFC2904 AAA Authorization Framework (AAAA)</caption> | ||
| + | | Title | AAA Authorization Framework | | ||
| + | | Acronym | AAAA | | ||
| + | | Version | 2000 | | ||
| + | | Document Number | RFC2904 | | ||
| + | | Release Date | August 2000 | | ||
| + | | Reference | [[https://tools.ietf.org/html/rfc2904]] | | ||
| + | </table> | ||
| + | |||
| + | : **Note**: The following is an excerpt from the official IETF RFC. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference. | ||
| + | |||
| + | |||
| + | ===== Introduction ===== | ||
| + | This document is one of a series of three documents under | ||
| + | consideration by the AAAarch RG dealing with the authorization | ||
| + | requirements for AAA protocols. The three documents are: | ||
| + | |||
| + | * AAA Authorization Framework (this document) | ||
| + | * AAA Authorization Requirements | ||
| + | * AAA Authorization Application Examples | ||
| + | |||
| + | There is a demonstrated need for a common scheme which covers all | ||
| + | Internet services which offer Authorization. This common scheme will | ||
| + | address various functional architectures which meet the requirements | ||
| + | of basic services. We attempt to describe these architectures and | ||
| + | functions as a basis for deriving requirements for an authorization | ||
| + | protocol. | ||
| + | |||
| + | These architectures include Policy structures, Certificate | ||
| + | Authorities, Resource Managers, Inter-Domain and Multi-Domain | ||
| + | schemes, and Distributed Services. The requirements are for the | ||
| + | expected use of Authorization services across these architectures. | ||
| + | A representative set of applications that may use this architecture | ||
| + | to support their authorization needs is presented in [3]. The | ||
| + | examples in [3] show how this framework may be used to meet a wide | ||
| + | variety of different authorization needs. | ||
| + | |||
| + | We expect that this work may be extended in the future to a more | ||
| + | comprehensive model and that the scheme described here will be | ||
| + | incorporated into a framework that includes authentication, | ||
| + | accounting and auditing. We have referenced a number of | ||
| + | authorization sources, but also recognize that there may be some that | ||
| + | we have missed and that should be included. Please notify one of the | ||
| + | authors of any such oversight so it can be corrected in a future | ||
| + | revision. | ||
| + | |||
| + | In general, it is assumed that the parties who are participating in | ||
| + | the authorization process have already gone through an authentication | ||
| + | phase. The authentication method used by those parties is outside | ||
| + | the scope of this document except to the extent that it influences | ||
| + | the requirements found in a subsequent authorization process. | ||
| + | Likewise, accounting requirements are outside the scope of this | ||
| + | document other than recording accounting data or establishing trust | ||
| + | relationships during an authorization that will facilitate a | ||
| + | subsequent accounting phase. | ||
| + | |||
| + | The work for this memo was done by a group that originally was the | ||
| + | Authorization subgroup of the AAA Working Group of the IETF. When | ||
| + | the charter of the AAA working group was changed to focus on MobileIP | ||
| + | and NAS requirements, the AAAarch Research Group was chartered within | ||
| + | the IRTF to continue and expand the architectural work started by the | ||
| + | Authorization subgroup. This memo is one of four which were created | ||
| + | by the subgroup. This memo is a starting point for further work | ||
| + | within the AAAarch Research Group. It is still a work in progress | ||
| + | and is published so that the work will be available for the AAAarch | ||
| + | subgroup and others working in this area, not as a definitive | ||
| + | description of architecture or requirements. | ||
| + | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||
| + | /* To add a discussion page to this page, comment out the line that says | ||
| + | ~~DISCUSSION:off~~ | ||
| + | */ | ||
| + | ~~DISCUSSION:on|Outstanding Issues~~ | ||
| + | ~~DISCUSSION:off~~ | ||
dido/public/ra/xapend/xapend.b_stds/tech/ietf/2904.txt ยท Last modified: 2022/01/19 15:00 by nick
