7.1. Election for the Next AAA Protocol

Around the same time that the IETF RADIUS working group decided it had concluded its work (first half of 2000), a new IETF working group, the AAA working group, had just started its work on finding the next big successor to RADIUS. Since several protocols were butting heads as contenders at the time, the group decided to conduct a thorough comparison of the protocol proposals to make sure that the successful candidate was ready for prime time. The working group first created an RFC specification [AAAEVAL2989] defining a complete set of requirements for a protocol to serve as an AAA protocol. The group then assigned a team of experts to assess the suitability of each candidate proposal by evaluating how well the proposal could meet these requirements.

The requirements defined in that RFC (2989) are similar to the requirements defined for support of network access servers in RFC 3169 [NASCRIT3169]. We provided a list of the most important requirements mentioned in that RFC at the end of Chapter 1. However, RFC 2989 [AAAEVAL2989] provided a more complete set of requirements for the overall evaluation of AAA protocols, one that went beyond just supporting NASes. In summary, examples of these requirements are:

Scalability, failover, mutual authentication between client and server, transmission level security, data object confidentiality, data object integrity, certificate transport, reliable AAA transport mechanisms, ability to run over IPv4, ability ...
