RFC 2904               AAA Authorization Framework            August 2000

Table of Contents

   1. Introduction
   2. Authorization Entities and Trust Relationships
   3. Message Sequences
      3.1. Single Domain Case
         3.1.1. The Agent Sequence
         3.1.2. The Pull Sequence
         3.1.3. The Push Sequence
      3.2. Roaming
      3.3. Distributed Services
      3.4. Combining Roaming and Distributed Services
   4. Relationship of Authorization and Policy
      4.1. Policy Retrieval
      4.2. Policy Evaluation
      4.3. Policy Enforcement
      4.4. Distributed Policy
   5. Use of Attribute Certificates
   6. Resource Management
      6.1. Session Management
      6.2. The Resource Manager
   7. AAA Message Forwarding and Delivery
   8. End-to-End Security
   9. Streamlined Authorization Process
   10. Summary of the Authorization Framework
   11. Security Considerations
   Glossary
   References
   Authors' Addresses
   Full Copyright Statement

1. Introduction

   This document is one of a series of three documents under
   consideration by the AAAarch RG dealing with the authorization
   requirements for AAA protocols.  The three documents are:

      AAA Authorization Framework (this document)
      AAA Authorization Requirements [2]
      AAA Authorization Application Examples [3]

   There is a demonstrated need for a common scheme which covers all
   Internet services which offer Authorization.  This common scheme will
   address various functional architectures which meet the requirements
   of basic services.  We attempt to describe these architectures and
   functions as a basis for deriving requirements for an authorization
   protocol [2].

Vollbrecht, et al.           Informational