== AAA overview ==
Access control is an optional service on the SENSEI test platform. Each public interface in the system can be access controlled or not, at the owner's discretion. 
Two basic components are required to enable access control:
* an identity provider, which in the SENSEI architecture is a Security Token Service
* an access control decision making function, which in the SENSEI architecture is a AAA block

[[PageOutline(2-3,Table of Contents,inline)]]

== Identity provider: STS ==
A Security Token Service needs to be deployed for each security domain. 
=== Deployment ===
tbd
=== Management ===
tdb, including peering.

== Access control decision making: AAA block ==
A system provider MAY choose to deploy a AAA block. If it does not, resource and framework component providers wishing to use access control will have to provide their own.
=== Deployment ===
tbd
=== Management ===
==== Handling access controlled entities ====
* registering policies
tbd
* what policies should contain
tbd
==== Accounting interface ====
* what it does
tbd
* how to view / reset / etc
tbd