|WikiProject Computer Security / Computing||(Rated Start-class, Low-importance)|
|WikiProject Computing||(Rated Start-class, Low-importance)|
Is AAA itself a protocol? Isn't it more the methodology used to authenticate, etc., using protocols such as RADIUS or TACACS+? --Diogenes00 23:40, 2 June 2006 (UTC)
Neither a protocol nor a classification of protocols. Plain speech, please. AAA is a model used to describe three commonly associated aspects of the concept "Access Control".
Princeton WordNet definition: http://wordnetweb.princeton.edu/perl/webwn?s=protocol
Suggest rename of Article
It's a classification of protocols rather than a particular one. Maybe renaming the page to "AAA protocols" or "Authentication, Authorization and Accounting" makes better sense.
Suggest "AAA (information technology)"
Protocols implies the same thing as Protocol, IMHO. I like the heading of AAA with the (information technology) byline. That should help distinguish it from abdominal aortic aneurysm, the American Automobile Association, and Triple-A baseball.
- Alternately, my suggestion is "AAA Model" or "AAA Model (Information Technology)." In computing, protocols are things like TCP/IP, HTTP, SSH, etc. dafydd (talk) 14:32, 9 April 2013 (UTC)
Authorisation is not the same as Access Control
I dispute that "Authorisation" should be called Access Control. Authorisation is the granting of authority to perform some action, which may or may not involve access to a resource. Access control is a narrower concept, the implementation of an particular kind of authorisation policy. Access control is the mechanism that permits or denies access to resources according to the authorities granted to an authenticated identity.
In computing and communications this may be effectively coincident with authorisation, when most authorisations are about allowing access to something. But the principles of AAA can be applied in wider contexts, so it is a distinction worth maintaining. Swiveler (talk) 01:49, 5 February 2010 (UTC)
Authorization is 'Permission' or 'Rights'. Authorization IS NOT Access Control.
Access control is a methodology that can include Authorization/Authorisation if needed, (depends on which side of the pond you're on) depending on the requirements given for the Access Control solution.
- If you don't care WHAT people do, so long as you know WHO THEY ARE and WHEN THEY LOGON, you only need Authorization and Auditing.
- If you absolutely must know WHAT was done and WHEN, but you don't care WHO did the deed, you drop Authentication and add Authorization, retaining Auditing.