Set of tools, procedures, and protocols
that ensure consistent handling of the authentication,
authorization, and activity-logging tasks for the entities that have access to an
information system.
Acronym for "authentication, authorization, and
accounting" (Spanish: autenticación, autorización y contabilización). Protocol for
authenticating a user based on the user's verifiable identity,
authorizing a user based on their user rights, and accounting for
a user's consumption of a network's resources.
http://es.pcisecuritystandards.org
Acronym for “authentication,
authorization, and accounting.” Protocol for authenticating a user based on
their verifiable identity, authorizing a user based on their user rights, and
accounting for a user’s consumption of network resources.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Authentication,
authorization, and accounting (AAA) is a term for a framework for intelligently
controlling access to computer resources, enforcing policies, auditing usage,
and providing the information necessary to bill for services. These combined
processes are considered important for effective network management and
security.
As the first process, authentication
provides a way of identifying a user, typically by having the user enter a
valid user name and valid password before access is granted. The process of
authentication is based on each user having a unique set of criteria for
gaining access. The AAA server compares a user's authentication credentials
with other user credentials stored in a database. If the credentials match, the
user is granted access to the network. If the credentials are at variance,
authentication fails and network access is denied.
Following authentication, a
user must gain authorization for doing certain tasks. After logging into a
system, for instance, the user may try to issue commands. The authorization
process determines whether the user has the authority to issue such commands.
Simply put, authorization is the process of enforcing policies: determining
what types or qualities of activities, resources, or services a user is
permitted. Usually, authorization occurs within the context of authentication.
Once you have authenticated a user, they may be authorized for different types
of access or activity.
The final plank in the AAA
framework is accounting, which measures the resources a user consumes during
access. This can include the amount of system time or the amount of data a user
has sent and/or received during a session. Accounting is carried out by logging
of session statistics and usage information and is used for authorization
control, billing, trend analysis, resource utilization, and capacity planning
activities.
http://searchsecurity.techtarget.com/
Authentication. Authentication
refers to the confirmation that a user who is requesting services is a valid
user of the network services requested. Authentication is accomplished via the
presentation of an identity and credentials. Examples of types of credentials
are passwords, one-time tokens, digital certificates, and phone numbers
(calling/called).
Authorization. Authorization
refers to the granting of specific types of service (including "no
service") to a user, based on their authentication, what services they are
requesting, and the current system state. Authorization may be based on
restrictions, for example time-of-day restrictions, or physical location restrictions,
or restrictions against multiple logins by the same user. Authorization
determines the nature of the service which is granted to a user. Examples of
types of service include, but are not limited to: IP address filtering, address
assignment, route assignment, QoS/differential services, bandwidth
control/traffic management, compulsory tunneling to a specific endpoint, and
encryption.
Accounting. Accounting
refers to the tracking of the consumption of network resources by users. This
information may be used for management, planning, billing, or other purposes.
Real-time accounting refers to accounting information that is delivered
concurrently with the consumption of the resources. Batch accounting refers to
accounting information that is saved until it is delivered at a later time.
Typical information that is gathered in accounting is the identity of the user,
the nature of the service delivered, when the service began, and when it ended.
http://en.wikipedia.org/wiki/AAA_protocol
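The three processes defined above, tied together in Python as an added example that is not taken from any of the sources quoted on this page. The `AAAServer` class, its method names, the PBKDF2 password storage, and the policy fields (allowed hours, maximum sessions) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    def __init__(self):
        self.users = {}    # user -> (salt, password hash, allowed hours, max sessions)
        self.active = {}   # session id -> open accounting record
        self.records = []  # closed accounting records, delivered later (batch)

    def add_user(self, user, password, hours, max_sessions):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt), hours, max_sessions)

    def authenticate(self, user, password):
        # Unknown users still cost one hash, so timing does not reveal valid names.
        salt, stored, *_ = self.users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def authorize(self, user, now: datetime):
        # Policy depends on identity and current system state, as in the text.
        _, _, (start, end), max_sessions = self.users[user]
        if not start <= now.hour < end:
            return False, "time-of-day restriction"
        if sum(r["user"] == user for r in self.active.values()) >= max_sessions:
            return False, "multiple-login restriction"
        return True, "ok"

    def login(self, user, password, service, now: datetime):
        if not self.authenticate(user, password):
            return None, "authentication failed"
        ok, reason = self.authorize(user, now)
        if not ok:
            return None, reason
        sid = os.urandom(8).hex()
        # Accounting start: who, which service, when it began.
        self.active[sid] = {"user": user, "service": service, "start": now}
        return sid, "ok"

    def logout(self, sid, now: datetime, bytes_transferred):
        # Accounting stop: close the record with end time and usage.
        rec = self.active.pop(sid)
        rec.update(stop=now, bytes=bytes_transferred)
        self.records.append(rec)
        return rec
```

Authorization runs only after authentication succeeds, and every granted session yields one accounting record holding the user, the service, the start and end times, and the bytes transferred.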
Acronym for "authentication,
authorization, and accounting" (French: authentification, autorisation et traçabilité).
Protocol for authenticating a user based on their verifiable
identity, authorizing a user based on their user rights, and
checking a user's consumption of network resources.
http://fr.pcisecuritystandards.org/