NAS Example

nas.jpg (14307 bytes)

 

A.  User makes Request

Trust between user and NAS -- Environment and Identity based - trust phone # connects to correct NAS

B.  NAS requsts authentication and authorization from visited AAA

Trust between NAS and AAA could be environemental or through a trusted channel. (NAS is trying to determine if the request can be trusted)

C. Visit AAA requests AA from Home AAA

Trust between AAA servers is probably through a trusted channel.  This channel may be setup using identites and keys from a third party trust authority (CA). (Trust is required in both directions)

D. Response returned  (session set up)

E. User terminates session

F. AAA servers notoified that session terminated, billing message sent

Perhaps billing requires trust that the user actually requested session and that the nas provided the session.  This can be established using trusted data: request signed by user -- session allocation assigned by NAS.