Are there problems when RADIUS or Diameter is used for application-layer authentication, authorization and accounting? Well, there are security aspects that need to be addressed: what happens to the credentials that are provided to the application provider (such as a VoIP provider, Web Service, …)?
The following figure shows the high-level architecture:
There are the following choices:
* Use the credentials you have. Assume they do not cause security problems when observable by the application provider. This is particularly true when the application provider and the identity provider belong to the same company/trust domain.
* Use a security authentication framework in context with the
* Bootstrap secure credentials based on (potentially) insecure ones