AAA Authorization Requirements
RFC 2906
| Document | Type |
RFC - Informational
(August 2000; No errata)
Was draft-irtf-aaaarch-authorization-reqs (individual)
|
|
|---|---|---|---|
| Authors | Pat Calhoun , Betty de Bruijn , Cees de Laat , Stephen Farrell , Leon Gommans , George Gross , Matt Holdrege , David Spence , John Vollbrecht | ||
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 2906 (Informational) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group S. Farrell
Request for Comments: 2906 Baltimore Technologies
Category: Informational J. Vollbrecht
Interlink Networks, Inc.
P. Calhoun
Sun Microsystems, Inc.
L. Gommans
Enterasys Networks EMEA
G. Gross
Lucent Technologies
B. de Bruijn
Interpay Nederland B.V.
C. de Laat
Utrecht University
M. Holdrege
ipVerse
D. Spence
Interlink Networks, Inc.
August 2000
AAA Authorization Requirements
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document specifies the requirements that Authentication
Authorization Accounting (AAA) protocols must meet in order to
support authorization services in the Internet. The requirements have
been elicited from a study of a range of applications including
mobile-IP, roamops and others.
Farrell, et al. Informational [Page 1]
RFC 2906 AAA Authorization Requirements August 2000
Table Of Contents
1. Introduction.................................................2
2. Requirements.................................................3
2.1 Authorization Information..............................3
2.2 Security of authorization information..................7
2.3 Time...................................................9
2.4 Topology..............................................10
2.5 Application Proxying..................................12
2.6 Trust Model...........................................12
2.7 Not just transactions.................................14
2.8 Administration........................................15
2.9 Bytes on-the-wire.....................................16
2.10 Interfaces............................................17
2.11 Negotiation...........................................18
3. Security Considerations.....................................19
4. References..................................................20
Authors' Addresses.............................................20
Full Copyright Statement.......................................23
1. Introduction
This document is one of a series of three documents under
consideration by the AAAarch RG dealing with the authorization
requirements for AAA protocols. The three documents are:
AAA Authorization Framework [FRMW]
AAA Authorization Requirements (this document)
AAA Authorization Application Examples [SAMP]
The work for this memo was done by a group that originally was the
Authorization subgroup of the AAA Working Group of the IETF. When
the charter of the AAA working group was changed to focus on MobileIP
and NAS requirements, the AAAarch Research Group was chartered within
the IRTF to continue and expand the architectural work started by the
Authorization subgroup. This memo is one of four which were created
by the subgroup. This memo is a starting point for further work
within the AAAarch Research Group. It is still a work in progress
and is published so that the work will be available for the AAAarch
subgroup and others working in this area, not as a definitive
description of architecture or requirements.
The process followed in producing this document was to analyze the
requirements from [SAMP] based on a common understanding of the AAA
authorization framework [FRMW]. This document assumes familiarity
with both the general issues involved in authorization and, in
particular, the reader will benefit from a reading of [FRMW] where,
for example, definitions of terms can be found.
Farrell, et al. Informational [Page 2]
RFC 2906 AAA Authorization Requirements August 2000
Show full document text