1. Technical Field
The present invention relates in general to a system and method for multi-vendor mediation for subscription services. More particularly, the present invention relates to a system and method for a service provider application to communicate with heterogeneous network access servers using a single interface.
2. Description of the Related Art
Traditional dial-in services use a network access server (NAS) in conjunction with a remote authentication dial-in user service (RADIUS) to authenticate and process user requests. RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server in order to authenticate dial-in users and authorize their access to a requested system or service.
A NAS is a computer server that enables an independent service provider (ISP) to provide connected customers with Internet access. A NAS interfaces both to a local telecommunication service provider, such as a phone company, and to the Internet backbone. NASs are positioned on the edge of service provider networks and provide three main functions. First, they use RADIUS to make authentication, authorization, and accounting requests to the service provider on behalf of the subscribers. Second, they aggregate subscriber traffic into larger bandwidth data streams to be forwarded towards the core of the service provider network. Third, they enforce policies that define the services provisioned for the subscriber. These policies are service-specific attributes, such as allowed network destinations, allocated network bandwidth, and delay tolerance.
In many service provider systems, a PPP protocol suite starts and ends a subscriber session. The PPP protocol suite includes specific protocols such as Challenge-Handshake Authentication Protocol (CHAP) and Password Authentication Procedure (PAP) that are used to authenticate a subscriber. These protocols contain fields for passing subscriber credentials. A service provider using the PPP protocol requires that its subscribers use a PPP client that prompts the subscriber for the credentials, and then sends an authentication request that includes the credentials to the NAS. The NAS acts as a PPP peer and terminates the PPP session. It extracts the subscriber credentials, and inserts them as attributes in a RADIUS access request, which it issues to a RADIUS server on the subscriber's behalf. The RADIUS server checks the subscriber credentials against a user catalog and responds with a reject or accept message.
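The NAS-to-RADIUS hand-off described above, shown as an added example that is not part of the original text. It follows the RFC 2865 Access-Request layout and User-Password hiding; the function names, shared secret and user catalog are constructed for illustration, and the server side returns only the accept or reject code rather than a full response packet.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _xor_chain(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = res if hiding else block   # always chain on the ciphertext block
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """NAS side: place the PAP credentials from the PPP session into attributes."""
    authenticator = authenticator or os.urandom(16)
    pw = password.encode()
    padded = pw.ljust(max(16, (len(pw) + 15) // 16 * 16), b"\x00")
    hidden = _xor_chain(padded, secret, authenticator, hiding=True)
    pairs = ((USER_NAME, user.encode()), (USER_PASSWORD, hidden))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def handle_access_request(packet, secret, catalog):
    """RADIUS server side: parse attributes, recover the password, check the catalog."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("malformed Access-Request")
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD, b"")
    if USER_NAME not in attrs or not hidden or len(hidden) % 16:
        return ACCESS_REJECT
    pw = _xor_chain(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")
    expected = catalog.get(attrs[USER_NAME].decode(errors="replace"))
    ok = expected is not None and hmac.compare_digest(pw, expected.encode())
    return ACCESS_ACCEPT if ok else ACCESS_REJECT

# Constructed sample data: NAS/server shared secret and a plaintext user catalog.
SECRET = b"example-shared-secret"
CATALOG = {"alice": "correct horse battery staple"}
```

The hiding step depends entirely on MD5 and the shared secret, so the secret's strength and the confidentiality of the NAS-to-server path determine how well the subscriber password is protected in transit.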
The advent of broadband services has led to a need for authentication mechanisms other than those that are available in the PPP protocol suite. The majority of broadband solutions today use Dynamic Host Configuration Protocol (DHCP) for subscriber sessions. DHCP is a communications protocol that allows network administrators to centrally manage and automate Internet Protocol (IP) address assignments in an organization's network. Using the Internet Protocol, each machine that connects to the Internet requires a unique IP address.
DHCP, however, does not include fields for passing user credentials and, therefore, does not include a built-in mechanism for authenticating subscribers. This gives rise to the need for executing authentication transactions from service provider applications using other mechanisms, such as web applications that use HTML login screens.
One challenge is the lack of a vendor-neutral mechanism for authenticating DHCP subscribers. Another is the lack of a dynamic, vendor-neutral mechanism for activating and deactivating network services for DHCP subscribers. While there are vendor-specific solutions to these challenges, no middleware solution has effectively addressed them across multiple vendor hardware platforms. These vendor-specific solutions do not interoperate with other vendors' equipment for providing subscriber services.
What is needed, therefore, is a system and method for providing a vendor neutral interface to support subscriber service requests when communicating with heterogeneous network access servers.