For the road travelers in the United States, especially the parents who take their children in the family car on the long road trips, the letters AAA stand for a peace of mind. They feel that any time their car breaks down, they can call the number for the American Automobile Association and ask for roadside assistance. Even though this book is not about that sort of AAA, the 3 "A"s that we talk about here, when designed properly, can bring the same peace of mind to the network operator and its customers. Authentication, authorization, and accounting are three important blocks used in the construction of a network architecture that helps protect the network operator and its customers from fraud, attacks, inappropriate resource management, and loss of revenue.In this chapter, we describe each of the "A"s in the AAA first as a separate topic, and then as a piece that interacts with the other "A"s in an effort to justify why all the 3 "A"s should be treated by the same framework and servers. At the end of the chapter, we provide a model for a generic AAA architecture.
Authentication ConceptsAccording to the dictionary, the word "authentic" refers to something that is not false, or a fake imitation, but is worthy of acceptance as a truth or a fact. From the times of early civilizations, where people have run 26 miles only to deliver a message and then fall over and die, to today, when information can travel across the globe in fractions of a minute with a mouse click, proof of authenticity is the first thing the receiver of a message checks.Authentication consists of two acts: first, the act of providing proof of authenticity for the information that is being delivered or stored, and second, the act of verifying the proof of authenticity for the information that is being received or retrieved. In the early ages, an emperor would use his personal seal on his letters to provide assurance for the authenticity of the letter. The letter could then be carried by any messenger, whose identity was not important. The local lord would recognize the emperor seal and trust authenticity of the letter. He would
