摘要 |
The invention relates to a method for requesting access to services across a computer network, preferably although not exclusively to a network in which access is controlled by a AAA server. Instead of defining on the AAA server all possible network devices that may require or provide access, along with the respective services they may need, in the present invention the network devices submit access request messages which include information both identifying the device and also specifying explicitly which services are needed. On receipt of such requests, the AAA server uses its internal policies to confirm or deny access, to select appropriate services from those requested, and to instruct the provisioning of those services. The invention provides additional granularity in authentication/authorization, and also significantly reduces the amount of work required to set up and maintain the AAA server.
|