Access protocols
What Are Access Protocols?
Access protocols are standardized communication rules that govern how users, devices, or systems authenticate their identity, obtain authorization, and establish permitted sessions with a network or computing resource. They define the message formats, sequence of exchanges, and cryptographic operations that both parties must follow before a principal is granted entry to a protected system. Access protocols sit at the intersection of networking and security engineering, and they underpin everything from corporate Wi-Fi authentication to web application login flows.
The field draws from cryptographic protocol theory, network engineering, and operating system security research. Early access protocols in the 1970s and 1980s were often specific to a single vendor or service, but the growth of networked environments through the 1990s drove the development of open, interoperable standards under bodies such as the IETF and IEEE.
Authentication Protocols
Authentication protocols handle the first challenge in any access scenario: verifying that a claimed identity is genuine. The Password Authentication Protocol (PAP) and its successor Challenge Handshake Authentication Protocol (CHAP) were early dial-up standards. The Extensible Authentication Protocol (EAP), defined in IETF RFC 3748, provides a general framework that carries specific authentication methods, including certificates, tokens, and biometric credentials, over arbitrary network transports. EAP is central to the IEEE 802.1X port-based network access control standard, which locks a physical or logical port until the attached device successfully authenticates. SAML 2.0 and OpenID Connect address authentication at the application layer, enabling single sign-on across organizational boundaries through assertion and token exchange.
Network Access Protocols
Once identity is established, network access protocols handle authorization and session admission. RADIUS (Remote Authentication Dial-In User Service) bundles authentication, authorization, and accounting (AAA) into a client-server protocol widely deployed in enterprise wireless networks, VPNs, and ISP infrastructure. DIAMETER, standardized in IETF RFC 6733, extends RADIUS with support for roaming, quality-of-service negotiation, and large-scale mobile network applications. TACACS+ provides similar AAA functions but separates each function into distinct protocol exchanges, giving network operators finer-grained control over authorization policy. These protocols typically operate between a network access server and a centralized policy server, with the policy server consulting a directory such as LDAP or Active Directory.
Human Verification Mechanisms
A distinct class of access challenge addresses the boundary not between authenticated and unauthenticated users but between human users and automated bots. CAPTCHAs (Completely Automated Public Turing Tests to Tell Computers and Humans Apart) present cognitive or perceptual tasks that statistical models of the time cannot reliably solve. The NIST glossary defines CAPTCHA as a test designed to distinguish human users from automated programs, and the W3C's accessibility analysis of CAPTCHA systems documents the accessibility tradeoffs that different challenge types create for users with disabilities. As machine learning has improved at solving image and audio challenges, CAPTCHA designs have evolved toward behavioral signals, such as cursor movement patterns and interaction timing, that are harder for automated scripts to replicate faithfully.
Applications
Access protocols have applications in a wide range of disciplines, including:
- Enterprise network admission control and Wi-Fi authentication
- Web application single sign-on and identity federation
- Mobile network subscriber authentication in 4G LTE and 5G systems
- VPN and remote access services for distributed workforces
- API security and OAuth 2.0 token-based service authorization