AAA Authorization Requirements
RFC 2906
Document | Type |
RFC - Informational
(August 2000; No errata)
Was draft-irtf-aaaarch-authorization-reqs (individual)
|
|
---|---|---|---|
Last updated | 2013-03-02 | ||
Stream | Legacy | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | Legacy state | (None) | |
Consensus Boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | RFC 2906 (Informational) | |
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group S. Farrell Request for Comments: 2906 Baltimore Technologies Category: Informational J. Vollbrecht Interlink Networks, Inc. P. Calhoun Sun Microsystems, Inc. L. Gommans Enterasys Networks EMEA G. Gross Lucent Technologies B. de Bruijn Interpay Nederland B.V. C. de Laat Utrecht University M. Holdrege ipVerse D. Spence Interlink Networks, Inc. August 2000 AAA Authorization Requirements Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. Abstract This document specifies the requirements that Authentication Authorization Accounting (AAA) protocols must meet in order to support authorization services in the Internet. The requirements have been elicited from a study of a range of applications including mobile-IP, roamops and others. Farrell, et al. Informational [Page 1] RFC 2906 AAA Authorization Requirements August 2000 Table Of Contents 1. Introduction.................................................2 2. Requirements.................................................3 2.1 Authorization Information..............................3 2.2 Security of authorization information..................7 2.3 Time...................................................9 2.4 Topology..............................................10 2.5 Application Proxying..................................12 2.6 Trust Model...........................................12 2.7 Not just transactions.................................14 2.8 Administration........................................15 2.9 Bytes on-the-wire.....................................16 2.10 Interfaces............................................17 2.11 Negotiation...........................................18 3. Security Considerations.....................................19 4. References..................................................20 Authors' Addresses.............................................20 Full Copyright Statement.......................................23 1. Introduction This document is one of a series of three documents under consideration by the AAAarch RG dealing with the authorization requirements for AAA protocols. The three documents are: AAA Authorization Framework [FRMW] AAA Authorization Requirements (this document) AAA Authorization Application Examples [SAMP] The work for this memo was done by a group that originally was the Authorization subgroup of the AAA Working Group of the IETF. When the charter of the AAA working group was changed to focus on MobileIP and NAS requirements, the AAAarch Research Group was chartered within the IRTF to continue and expand the architectural work started by the Authorization subgroup. This memo is one of four which were created by the subgroup. This memo is a starting point for further work within the AAAarch Research Group. It is still a work in progress and is published so that the work will be available for the AAAarch subgroup and others working in this area, not as a definitive description of architecture or requirements. The process followed in producing this document was to analyze the requirements from [SAMP] based on a common understanding of the AAA authorization framework [FRMW]. This document assumes familiarity with both the general issues involved in authorization and, in particular, the reader will benefit from a reading of [FRMW] where, for example, definitions of terms can be found. Farrell, et al. Informational [Page 2] RFC 2906 AAA Authorization Requirements August 2000Show full document text