Let’s Not Forget Authorization

6:00 PM -- Mention AAA, and most people think of the folks who fix flat tires and jump dead batteries. Those in the defense world might think of Automatic Anti-Aircraft guns. But for us geeks, AAA is Authentication, Authorization, and Accounting, three key elements in network operations and frequently packaged together in unified solutions.

Authentication is one end of the connection proving its identity to the other. There are lots of mechanisms for this, like digital certificates and, my personal favorite, two-factor authentication, which involves something you have (like a hardware token) plus something you know (a password). Mutual authentication is particularly important in wireless applications, where the other end of the connection is often invisible, to avoid such problems as the evil twin situation. Accounting is just that -- logs, bills, and such.

In the middle, though, is the most important element of all. While authentication is all about who you are, authorization is all about what you’re allowed to do. One of the arguments against open access, on which the FCC recently decided to move forward on a somewhat limited basis, is that, well, just anyone might be allowed on the open-access service. This could be (but is not necessarily) true with respect to devices, but it says nothing about specific users of those devices. Keep in mind that, just because one might have a device that’s interoperable with a given network, this doesn’t mean that anyone can do anything in particular on that network. That’s what authorization is all about, and why open access isn’t unless it considers both technology and permission.

— Craig Mathias is Principal Analyst at the Farpoint Group, an advisory firm specializing in wireless communications and mobile computing. Special to Unstrung

