A network access control approach based on the AAA architecture and authorization attributes

Network access control mechanisms constitute an increasingly needed service, when communications are becoming more and more ubiquitous thanks to some technologies such as wireless networks or mobile IP. This paper presents a particular scenario where access rules are based not only on the identity of the different users, but also on authorization data related to those users. In order to accomplish this general goal, it will be necessary to add to the traditional systems specific services for authentication and authorization, and also some entities able to manage the information related to identity, roles and permissions. Network access is based on the 802.1X framework and the AAA architecture, as they constitute the basis for most of the existing proposals for limiting the access to a restricted network. Those proposals are extended using an authorization infrastructure based on SAML statements, the RBAC model, and XACML as the language for expressing authorization policies.