RADIUS by

The final components of the authorization framework (at least the final in terms of the scope of this book) are the specifications for resource and session management. The problem with covering this is that, so far, the RFC waxes theoretical much more than it offers concrete dimensions and mechanisms. But let’s first look into what resource and session management are and how they can benefit a protocol that is based on the AAA model.

Resource management is basically the ability to monitor resources that have been previously allocated. A program or utility called the “resource manager” would be able to receive and display information on a resource in real time. Such a program could, for example, monitor a pool of dial-up ports on a terminal server and report information to the monitor program.

This is perhaps the simpler mechanism of the two to implement into a protocol, but there are inherent problems. With fewer AAA servers, there isn’t much traffic involved in real-time monitoring, and the equipment is more likely to be confined to one entity’s realm. Once the AAA server group expands and, particularly, begins to span multiple domains, it becomes increasingly problematic to maintain the identity of specific servers. Uniqueness of sessions is critical, and in addition, some method of combining session and resource information with a unique identifier is needed. As has been well documented in a variety of applications, network synchronization has ...