Authentication, Authorization, and Accounting

Project type: Main

This is also referred to as triple A , It is an implementation of an enterprise-level identity provider for the OpenDaylight controller.

AAA projects have a larger domain that includes not only authenticating the users accessing the ODL web interface, but also acting as an identity provider for ODL. If you are familiar with OpenStack, you'd know that it is similar to what a keystone project does in an OpenStack platform, although with some different features and capabilities.

Let's go back to the basic principles in order to become familiar with AAA. It stands for authentication, authorization, and accounting. It is a mechanism for gaining access control, defining who can access the system, and what resources they can access :

• Authentication: This means verifying the authenticity of the identity of both human and machine users that are independent of the choice of binding.
• Authorization: This means authorizing the specific user who has authentication to access all resources or levels of the system, including RPCs, notification subscriptions, and subsets of the data tree.
• Accounting: This means recording and accessing the records of an authenticated user who has accessed and used the system. Accounting has different parameters and can be viewed in the form of time of use, resources used, or amount of traffic transferred to the authenticated user.

AAA provides a pluggable mechanism for performing authentication authorization accounting functions. You will be able to use it via APIs within your SDN application or when using other integrated SDN applications.