How does the NAAS Authentication Service work? What are the possible scenarios?

How does the NAAS Authentication Service work? What are the possible scenarios?
Prev	Chapter 2. Security	Next

NAAS supports two authentication models: Direct Authentication and Delegated Authentication. In the direct authentication model, a user authenticates using NAAS and obtains a security token. The user then uses the token to access a Network node. The Network node performs a requested operation only after the security token is validated using NAAS.

In the delegated authentication model, the user sends an authentication message to a Network node. The node delegates the authentication request to NAAS for processing. Upon successful verification of user identity and credential, NAAS returns a security token to the Network node, and the token is eventually sent back to the caller.

The advantage of the delegated authentication is that the user doesn't need to know anything about NAAS at all, but incurs a small performance penalty because the message is relayed to NAAS by the Network node.

Prev	Up	Next
Can I use my security model in conjunction with NAAS?	Home	How does Authorization work? What do I need to do to take advantage of Authorization?