Network service providers typically deploy one or more servers to manage authentication, authorization, and accounting (AAA) functionality for networks that offer services to one or more subscribers. The protocol most commonly used by the servers to communicate with clients is the Remote Authentication Dial-In User Service (RADIUS) protocol. The RADIUS protocol is described in Carl Rigney et al., “Remote Authentication Dial In User Server (RADIUS),” Network Working Group of the Internet Engineering Task Force (IETF), Request for Comments 2865, June 2000, which is incorporated by reference herein in its entirety (referred to hereinafter as “RFC 2865”). Another AAA framework, known as the Diameter protocol, extends and replaces RADIUS. Diameter is described in V. Fajardo et al., “Diameter Base Protocol,” Network Working Group of the Internet Engineering Task Force (IETF), Request for Comments 6733, October 2012, which is incorporated by reference herein in its entirety (referred to hereinafter as “RFC 6733”). The RADIUS, Diameter, and other AAA protocols are referred to hereinafter using the term, “AAA protocol,” which provides a “AAA framework” for applications.
To request access to a service, a subscriber connects to a network access server (NAS) that acts as a gateway to the service as provided by a service provider network (or the Internet, e.g.). If the NAS is a AAA client configured to communicate with a AAA server for the service provider network using the AAA protocol, the NAS confirms that the subscriber is authentic and is authorized to access the service by requesting the AAA server to validate the access request from the subscriber. Upon validating an access request, the AAA server responds to the NAS with a AAA protocol message directing the NAS to accept the access request and establish a session enabling connectivity between the subscriber and the service provider network for the requested service.