Talk:AAA protocol

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing  (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing (marked as Low-importance).
 

Protocol?[edit]

Is AAA itself a protocol? Isn't it more the methodology used to authenticate, etc., using protocols such as RADIUS or TACACS+? --Diogenes00 23:40, 2 June 2006 (UTC)

Agreed[edit]

Neither a protocol nor a classification of protocols. Plain speech, please. AAA is a model used to describe three commonly associated aspects of the concept "Access Control".

Princeton WordNet definition: http://wordnetweb.princeton.edu/perl/webwn?s=protocol

Jeffp231 (talk) 20:21, 2 September 2010 (UTC)

Suggest rename of Article[edit]

It's a classification of protocols rather than a particular one. Maybe renaming the page to "AAA protocols" or "Authentication, Authorization and Accounting" makes better sense.

Suggest "AAA (information technology)"[edit]

Protocols implies the same thing as Protocol, IMHO. I like the heading of AAA with the (information technology) byline. That should help distinguish it from abdominal aortic aneurysm, the American Automobile Association, and Triple-A baseball.

Jeffp231 (talk) 20:39, 2 September 2010 (UTC)

Alternately, my suggestion is "AAA Model" or "AAA Model (Information Technology)." In computing, protocols are things like TCP/IP, HTTP, SSH, etc. dafydd (talk) 14:32, 9 April 2013 (UTC)

Authorisation is not the same as Access Control[edit]

I dispute that "Authorisation" should be called Access Control. Authorisation is the granting of authority to perform some action, which may or may not involve access to a resource. Access control is a narrower concept, the implementation of an particular kind of authorisation policy. Access control is the mechanism that permits or denies access to resources according to the authorities granted to an authenticated identity.

In computing and communications this may be effectively coincident with authorisation, when most authorisations are about allowing access to something. But the principles of AAA can be applied in wider contexts, so it is a distinction worth maintaining. Swiveler (talk) 01:49, 5 February 2010 (UTC)

Agreed[edit]

Authorization is 'Permission' or 'Rights'. Authorization IS NOT Access Control.

Access control is a methodology that can include Authorization/Authorisation if needed, (depends on which side of the pond you're on) depending on the requirements given for the Access Control solution.

If you don't care WHAT people do, so long as you know WHO THEY ARE and WHEN THEY LOGON, you only need Authorization and Auditing.
If you absolutely must know WHAT was done and WHEN, but you don't care WHO did the deed, you drop Authentication and add Authorization, retaining Auditing.

Jeffp231 (talk) 20:28, 2 September 2010 (UTC)

Usage of AAA servers in LDAP networks - Section name incorrect?[edit]

LDAP is in the heading but never again refer to. Should it not be CDMA networks? Also, LDAP is a protocol, not a network by itself.