AAA Authorization Framework
RFC 2904

Document Type RFC - Informational (August 2000; No errata)
Last updated 2013-03-02
Stream Legacy
Network Working Group                                      J. Vollbrecht
Request for Comments: 2904                      Interlink Networks, Inc.
Category: Informational                                       P. Calhoun
                                                  Sun Microsystems, Inc.
                                                              S. Farrell
                                                  Baltimore Technologies
                                                              L. Gommans
                                                 Enterasys Networks EMEA
                                                                G. Gross
                                                     Lucent Technologies
                                                            B. de Bruijn
                                                 Interpay Nederland B.V.
                                                              C. de Laat
                                                      Utrecht University
                                                             M. Holdrege
                                                                 ipVerse
                                                               D. Spence
                                                Interlink Networks, Inc.
                                                             August 2000

                      AAA Authorization Framework

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This memo serves as the base requirements for Authorization of
   Internet Resources and Services (AIRS).  It presents an architectural
   framework for understanding the authorization of Internet resources
   and services and derives requirements for authorization protocols.

Vollbrecht, et al.           Informational                      [Page 1]
RFC 2904              AAA Authorization Framework            August 2000

Table of Contents

   1. Introduction ................................................  2
   2. Authorization Entities and Trust Relationships ..............  4
   3. Message Sequences ...........................................  7
      3.1. Single Domain Case .....................................  7
           3.1.1. The Agent Sequence ..............................  7
           3.1.2. The Pull Sequence ...............................  8
           3.1.3. The Push Sequence ...............................  9
      3.2. Roaming ................................................ 10
      3.3. Distributed Services ................................... 13
      3.4. Combining Roaming and Distributed Services ............. 15
   4. Relationship of Authorization and Policy .................... 16
      4.1. Policy Retrieval ....................................... 16
      4.2. Policy Evaluation ...................................... 17
      4.3. Policy Enforcement ..................................... 17
      4.4. Distributed Policy ..................................... 18
   5. Use of Attribute Certificates ............................... 19
   6. Resource Management ......................................... 22
      6.1. Session Management ..................................... 23
      6.2. The Resource Manager ................................... 24
   7. AAA Message Forwarding and Delivery ......................... 25
   8. End-to-End Security ......................................... 26
   9. Streamlined Authorization Process ........................... 27
   10. Summary of the Authorization Framework ..................... 28
   11. Security Considerations .................................... 28
   Glossary ....................................................... 29
   References ..................................................... 31
   Authors' Addresses ............................................. 32
   Full Copyright Statement ....................................... 35

1.  Introduction

   This document is one of a series of three documents under
   consideration by the AAAarch RG dealing with the authorization
   requirements for AAA protocols.  The three documents are:

         AAA Authorization Framework (this document)
         AAA Authorization Requirements [2]
         AAA Authorization Application Examples [3]

   There is a demonstrated need for a common scheme which covers all
   Internet services which offer Authorization.  This common scheme will
   address various functional architectures which meet the requirements
   of basic services.  We attempt to describe these architectures and
   functions as a basis for deriving requirements for an authorization
   protocol [2].
