Network service providers typically deploy one or more server devices to manage authentication, authorization, and accounting (AAA) functionality for networks that offer services to subscribers using client devices. Remote Authentication Dial In User Service (RADIUS) protocol is commonly used by the server devices to communicate with client devices. The RADIUS protocol is described in Carl Rigney et al., “Remote Authentication Dial In User Server (RADIUS),” Network Working Group of the Internet Engineering Task Force (IETF), RFC 2865, June 2000, which is incorporated herein by reference in its entirety (referred to hereinafter as “RFC 2865”). The Diameter protocol is another protocol that server devices use to communicate with client devices. The Diameter protocol is described in P. Calhoun et al., “Diameter Base Protocol,” Network Working Group of the Internet Engineering Task Force (IETF), RFC 3588, September, 2003, which is incorporated herein by reference in its entirety (referred to hereinafter as “RFC 3588”). In general, this disclosure refers to “AAA protocols,” which may include RADIUS and Diameter. Moreover, it should be understood that Diameter may be used in place of RADIUS, and vice versa, unless otherwise noted.
To request access to a service, a subscriber connects to a network access server (NAS) that acts as a gateway to the service as provided by a service provider network (or the Internet). If the NAS is a RADIUS client configured to communicate with a RADIUS server for the service provider network using the RADIUS protocol, the NAS confirms that the subscriber is authentic and is authorized to access the service by requesting the RADIUS server to validate the access request from the subscriber. After validating an access request, the RADIUS server responds to the NAS with a RADIUS protocol message directing the NAS to accept the access request and establish a session enabling connectivity between the subscriber and the service provider network for the requested service.
Typically, services available for such requests from client devices are pre-programmed in server devices. If an administrator of an organization, such as a service provider or enterprise, wants to enable a new action on a network element via an AAA protocol, the administrator typically has to deploy a RADIUS proxy at a central location and develop an application that will execute the action on the network element. The RADIUS proxy operates as a full proxy server that is positioned between a RADIUS client and a AAA server. The AAA server and RADIUS client are generally unaware of the presence of the RADIUS proxy. The RADIUS proxy operates on messages communicated between the RADIUS client and the AAA server. Alternatively, the administrator may contact a vendor for the network element to implement the desired functionality, and the vendor may in turn create a Vendor Specific Attribute.