Authentication
Authentication provides a way of identifying a user, usually by having the user enter his/her credentials before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access.
The AAA server compares a user's authentication credentials with the user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials do not match, authentication fails and network access is denied.
Authorization
Following authentication, a user must get authorization (which is like a permit) to perform certain tasks. After logging into a system, for example, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands.
In other words, authorization is the process of enforcing policies that determine what types or qualities of services a user is permitted. Typically, authorization occurs within the context of authentication. For example, once a user is authenticated, they may be authorized for different types of access or activity.
Accounting
Accounting measures the resources a user consumes during access. Accounting is carried out by logging session statistics and usage information, and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities. In addition, it may record events such as authentication and authorization failures.
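The three steps above as a minimal in-memory sketch (an added example, not part of the original post): credentials are checked against a stored hash, commands are checked against a per-user policy only within an authenticated session, and every success or failure is written to an accounting log. The class AAAServer, its methods, the user alice and the command names are all hypothetical.

```python
import hashlib, hmac, os, secrets, time

def _hash(password, salt):
    # PBKDF2 so the credential store never holds plaintext passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.policy = {}     # username -> set of permitted commands
        self.sessions = {}   # session token -> username
        self.records = []    # accounting log: (timestamp, user, event, detail)

    def add_user(self, user, password, commands):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))
        self.policy[user] = set(commands)

    def _account(self, user, event, detail=""):
        self.records.append((time.time(), user, event, detail))

    def authenticate(self, user, password):
        # Hash even for unknown users so timing does not reveal valid names
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            self._account(user, "auth-failure")
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = user
        self._account(user, "auth-success")
        return token

    def authorize(self, token, command):
        # Default deny: needs a live session AND a policy entry for the command
        user = self.sessions.get(token)
        ok = user is not None and command in self.policy.get(user, set())
        self._account(user or "unknown", "authz-permit" if ok else "authz-deny", command)
        return ok

def demo():
    srv = AAAServer()
    srv.add_user("alice", "correct horse", ["show version"])  # constructed sample user
    bad = srv.authenticate("alice", "wrong")
    token = srv.authenticate("alice", "correct horse")
    results = [bad is None, token is not None, srv.authorize(token, "show version"),
               srv.authorize(token, "reload"), srv.authorize("forged-token", "show version")]
    return results, [(u, e, d) for _, u, e, d in srv.records]

if __name__ == "__main__":
    print(demo())
```

The accounting log ends up with one record per decision, including the failed login and the two denied commands, which is the data a reviewer would use to spot password guessing or privilege probing.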
Hi, thank you for the informative blog post. I have learnt some things that I have not included in my own blog post.