AAA Authorization Requirements
RFC 2906

Document Type RFC - Informational (August 2000; No errata)
Last updated 2013-03-02
Stream Legacy
Network Working Group                                        S. Farrell
Request for Comments: 2906                       Baltimore Technologies
Category: Informational                                   J. Vollbrecht
                                               Interlink Networks, Inc.
                                                             P. Calhoun
                                                 Sun Microsystems, Inc.
                                                             L. Gommans
                                                Enterasys Networks EMEA
                                                               G. Gross
                                                    Lucent Technologies
                                                           B. de Bruijn
                                                Interpay Nederland B.V.
                                                             C. de Laat
                                                     Utrecht University
                                                            M. Holdrege
                                                                ipVerse
                                                              D. Spence
                                               Interlink Networks, Inc.
                                                            August 2000

                     AAA Authorization Requirements

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document specifies the requirements that Authentication
   Authorization Accounting (AAA) protocols must meet in order to
   support authorization services in the Internet. The requirements have
   been elicited from a study of a range of applications including
   mobile-IP, roamops and others.

Farrell, et al.              Informational                      [Page 1]
RFC 2906             AAA Authorization Requirements          August 2000

Table Of Contents

   1. Introduction.................................................2
   2. Requirements.................................................3
       2.1  Authorization Information..............................3
       2.2  Security of authorization information..................7
       2.3  Time...................................................9
       2.4  Topology..............................................10
       2.5  Application Proxying..................................12
       2.6  Trust Model...........................................12
       2.7  Not just transactions.................................14
       2.8  Administration........................................15
       2.9  Bytes on-the-wire.....................................16
       2.10 Interfaces............................................17
       2.11 Negotiation...........................................18
   3. Security Considerations.....................................19
   4. References..................................................20
   Authors' Addresses.............................................20
   Full Copyright Statement.......................................23

1. Introduction

   This document is one of a series of three documents under
   consideration by the AAAarch RG dealing with the authorization
   requirements for AAA protocols.  The three documents are:

         AAA Authorization Framework [FRMW]
         AAA Authorization Requirements (this document)
         AAA Authorization Application Examples [SAMP]

   The work for this memo was done by a group that originally was the
   Authorization subgroup of the AAA Working Group of the IETF.  When
   the charter of the AAA working group was changed to focus on MobileIP
   and NAS requirements, the AAAarch Research Group was chartered within
   the IRTF to continue and expand the architectural work started by the
   Authorization subgroup.  This memo is one of four which were created
   by the subgroup.  This memo is a starting point for further work
   within the AAAarch Research Group.  It is still a work in progress
   and is published so that the work will be available for the AAAarch
   subgroup and others working in this area, not as a definitive
   description of architecture or requirements.

   The process followed in producing this document was to analyze the
   requirements from [SAMP] based on a common understanding of the AAA
   authorization framework [FRMW].  This document assumes familiarity
   with the general issues involved in authorization; in particular,
   the reader will benefit from reading [FRMW], where, for example,
   definitions of terms can be found.
