The Authentication, Authorization and Accounting (AAA) is an infrastructure, which, like the name indicates, is mainly used to authenticate users, authorize the use of resources and keep a record of the users’ activity, the network’s resources and the different types of events. This infrastructure can be implemented centrally or distributed, using several databases and interacting with different devices in the network. An AAA server is capable of authenticating users, administrate and grant authorization orders, and account statistical information and of resources use.
Authentication refers to the process by which a user is accredited to operate in a network. In order to be authenticated, several methods are implemented like passwords, tokens, RSA, digital certificates, etc.
Authorization is a process which normally occurs after the authentication. In this process, the user's requirement for the utilization of a resource is contemplated. The server will authorize the requirement depending on its parameters. The server can send information to the device necessary to activate or to use the service.
Accounting is the process by which the server registers any kind of activity considered important about the use of resources, authentication and authorization requests, statistics, etc.
Currently, the most used protocols for the AAA functions are the Remote Authentication Dial-In User Service (RADIUS) and Diameter (it receives its name because it is the evolution of RADIUS, making reference to the radius and diameter of a circle). The latter, is the most evolved AAA protocol and it is used also as support in the networks of last generation such as LTE/SAE and IMS.
More information at: