Authentication, Authorization, Accounting (AAA)

This become a major issue especially in conjunction with QoS since for better than best effort service, someone probably has to pay for this high QoS - AAA is necessary to decide who you are, if you are allowed to ask for this service, and how much you should be charged. See [Johnston 2004] and “Authentication, Authorization and Accounting Requirements for the Session Initiation Protocol” [RFC 3702].

Slide Notes

A.Johnston, D. Rawlins, H. Sinnreich, Stephen Thomas, and Richard Brennan, “Session Initiation Protocol Private Extension for an OSP Authorization Token”, IETF Internet Draft, June 2004, Expired: December 2004 http://www.ietf.org/internet-drafts/draft-johnston-sip-osp-token-06.txt Links to an external site.

J. Loughney, G. Camarillo, “Authentication, Authorization, and Accounting Requirements for the Session Initiation Protocol (SIP)”, IETF RFC 3702, February 2004 http://www.ietf.org/rfc/rfc3702.txt Links to an external site.

Transcript

[slide460] Well, AAA, authentication, authorization, and accounting, we said is interesting because if you want to get paid for this, you want to be able to say, if I get better quality, we can charge a higher price. So, that means we have to authenticate who the user is, because we only want our authentic users getting service. We have to authorize them, are they allowed to use this higher quality, and then we need to account for it.