AAA Protocol
Diameter is an AAA (Authentication, Authorization, Accounting) protocol used to manage network resources and services and their usage.
Authentication
Authentication is the process in which the user sends access credentials proving his/her identity to a Remote Access Server (RAS), which validates them. The authentication process validates the user information against other servers or directories.
Authorization
The authenticated user has certain attributes defined in the RAS that describe the QoS (Quality of Service), IP-based validations, etc.
Accounting
Access to the network is granted to the user through the Network Access Server (NAS). Once network access has been granted to the user, the RAS communicates back and forth with the NAS, providing the following information:
- 'Start': start giving network access to a particular user
- 'Stop': stop giving access to the user
- Periodically, the NAS and RAS exchange information back and forth indicating the status of the current user session. The NAS triggers an indication to the RAS when it stops network access for a user session.
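One way to audit the Start / periodic status / Stop accounting flow described above, as an added example that is not from the original article: it replays accounting records and flags sessions that have no Start or that have gone quiet without a Stop. The record-type numbers are the Accounting-Record-Type values from RFC 6733; the tuple layout, the `audit` function, the 300-second interval and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

# Accounting-Record-Type values (RFC 6733); the article calls these
# 'Start', the periodic status exchange, and 'Stop'.
START, INTERIM, STOP = 2, 3, 4

@dataclass
class Session:
    user: str
    started: int
    last_seen: int

def audit(records, now, interim_interval=300, grace=2):
    """Replay (time, session_id, user, record_type) tuples in time order.

    Returns (open_sessions, findings); a finding is (session_id, reason).
    The tuple layout and thresholds are assumptions of this example.
    """
    open_sessions, findings = {}, []
    for ts, sid, user, rtype in sorted(records):
        sess = open_sessions.get(sid)
        if rtype == START:
            if sess:
                findings.append((sid, "duplicate Start"))
            open_sessions[sid] = Session(user, ts, ts)
        elif sess is None:
            findings.append((sid, "Interim/Stop without Start"))
        elif sess.user != user:
            findings.append((sid, "user changed mid-session"))
        elif rtype == INTERIM:
            sess.last_seen = ts
        elif rtype == STOP:
            del open_sessions[sid]
    # A session still open that missed several periodic updates is suspect.
    for sid, sess in open_sessions.items():
        if now - sess.last_seen > grace * interim_interval:
            findings.append((sid, "stale: no Interim or Stop"))
    return open_sessions, findings

# Constructed sample records (seconds, session id, user, type); not real traffic.
SAMPLE = [
    (0,   "nas1;1001", "alice", START),
    (300, "nas1;1001", "alice", INTERIM),
    (600, "nas1;1001", "alice", STOP),
    (100, "nas1;1002", "bob",   START),    # never updated, never stopped
    (400, "nas1;1003", "carol", INTERIM),  # no Start was ever seen
    (500, "nas1;1004", "dave",  START),
    (800, "nas1;1004", "dave",  INTERIM),  # healthy open session
]
```
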
The image below summarizes how the AAA protocol is adapted in a typical network environment.
Watch for my next set of articles, where I will explain the implementation steps in detail: how Diameter can be used in AAA transactions and how WSO2 ESB can be used to connect with Diameter servers.