Diameter
An IETF peer-to-peer protocol for authenticating remote users across a network. Intended as a supplement or replacement for RADIUS, which was designed for authentication over dial-up connections.
Like RADIUS, Diameter is a "triple-A" protocol - it authenticates and authorizes users and performs basic back-end accounting services for bookkeeping purposes.
Also like RADIUS, the basic Diameter transaction involves what are called attribute value pairs (AVP). For example, an AVP might be "user ID" and "Joe Smith," or "password" and "goldfish."
Upon receiving an authentication request, a RADIUS or Diameter server typically issues the user ID attribute as a challenge, to which the requesting user system responds with the user value - the ID. Then the server issues the password attribute. If the user value response is correct, the user is considered authentic.
But the AVP exchange goes beyond simple authentication, and this is where authorization comes in. Through its other value pairs, the server can further qualify the user to determine the specific resources to which the user will be granted access. For instance, access to a high-security application might require the user to supply a private-key code.
This is possible with RADIUS but easier to implement with Diameter because Diameter lets a remote server send unsolicited messages to a client. This way, if the user sends only the password, the Diameter-equipped server sends another message, requesting the private-key code.
Perhaps the most important difference between Diameter and RADIUS involves the scope of AVP use. The RADIUS address space is limited to 256 value pairs. However, Diameter features a 32-bit AVP address space, enough for a million or more pairs. This AVP potential is what gives Diameter extensibility. The more powerful Diameter value pairs are also able to serve mobile, nondial-up users.
For instance, one Diameter value pair involves "home-agent-address" as the attribute and uses an IP address as the value. A mobile user calling from a cell phone might use this to pass through to the Diameter server of his or her home agent ISP in order to authenticate the user ID and password value pairs. This is how Diameter liberates users from the SLIP or PPP dial-up tethers.
From Diameter extends remote authentication, Network World Tech Update, 01/31/00.
Additional resources
DIAMETER
Site with the latest Diamter RFCs and drafts, along with links to relevant software.
Comments:
Radius
by Debra Cross
I found this to be a very informational site for IT consultants, help desk, enginners, and various other It specialist. I will be forwarded this to my friends
Thanks
debra
Add a comment
