Identity Management with Diameter and RADIUS for Application Layer Services

Are there problems when RADIUS or Diameter is used for application layer authentication, authorization and accounting? Well, there are security aspects that need to be addressed. What happens to the credentials that are provided to the application provider (such as a VoIP provider, Web Service, …)?

The following figure shows the high-level architecture:

[Figure: AAA Model]

There are the following choices:

* Use the credentials you have. Assume they do not cause security problems when observable by the application provider. This is particularly true when the application provider and the identity provider belong to the same company/trust domain.

* Use a security authentication framework in the context of the application server.
Example:

* Bootstrap secure credentials based on (potentially) insecure ones.
Example:
