What does 'AAA' refer to in access control?

The term 'AAA' in access control stands for Authentication, Authorization, and Accounting.

Authentication is the process of verifying the identity of a user or system, ensuring that the entity requesting access is who it claims to be. This can involve various methods, including passwords, biometrics, and security tokens.

Authorization follows authentication and determines what an authenticated user is permitted to do. It involves the process of granting or denying access to resources, based on the user's permissions or roles.

Accounting, the third component, involves tracking and recording user activities within a system. This includes monitoring what resources were accessed, the time spent, and any changes made. Accounting provides valuable insights for auditing purposes and can help in detecting unauthorized access or anomalies in behavior.

Thus, the sequence of Authentication, Authorization, and Accounting is a foundational concept in access control mechanisms, ensuring secure and well-regulated management of user access to resources and data.