A Network Access Control Approach for QoS Support Based on the AAA Architecture

Abstract

The primary role of network access control is to decide on the validity of user’s identity accepted into the networks and authorization accessed to the particular resource so that users conforming to their established access polices achieve predefined services. This paper presents a specific scenario which supports quality of service (QoS) in network domain. The QoS access rules are based not only on the identity of end users but also authorization policies related to those users. To achieving that goal, it is necessary to add new functions as QoS authentication and QoS Authorization to the traditional access control schemes, and also some entities able to administrate the information relevant to QoS requirement, identity and decisions. The proposed approach is based on the 802.1X framework and the Authentication, Authorization and Accounting (AAA) architecture owing to the fact that they are the most widely accepted and deployed standards for network access control. XACML (eXtensible Access Control Markup Language) is used to express QoS resource assignment and authorization policies, and SAML (Security Assertion Markup Language) is selected to exchange and transport related messages. The proposed approach supports QoS provision by ensuring that only validated user with appropriate QoS requirement which satisfies the QoS access policies can get resource reserved, then the user can use the resource exclusively during the corresponding QoS session. This approach provides QoS support effectively cooperating with resource reservation technology.