Monday, September 21, 2015

What are the mechanisms supported by AAA (109/285 technotes for 2015)?


  • SAML
    • Security Assertion Markup Language: an XML-based standard for passing authentication and authorization assertions from an identity provider to a service provider.
    • With SAML web single sign-on, a user logs in once to one system in an environment and can then access the other systems in that environment without logging in again, until the SSO session expires or the web browser session is ended.
    • The assertion is the credential, so the receiving side must verify its signature and check the issuer, audience and validity window before trusting it.
  • XACML PEP/PDP
    • eXtensible Access Control Markup Language
    • Policy Enforcement Point / Policy Decision Point: the PEP intercepts the access request and hands it to the PDP, which evaluates it against the policies and returns Permit, Deny, NotApplicable or Indeterminate; the PEP enforces that decision and should treat anything other than Permit as a denial.
    • The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies.

  • Kerberos & SPNEGO
    • Kerberos is a network authentication protocol
    • uses tickets to authenticate
    • avoids storing passwords locally or sending them over the network
    • relies on a trusted third party, the Key Distribution Center (KDC)
    • built on symmetric-key cryptography
    • Kerberos is normally deployed in a client/server environment. It is rarely used directly in web applications and thin-client environments.
    • Because of this, SPNEGO comes to the rescue. It stands for Simple and Protected GSS-API Negotiation Mechanism (RFC 4178) and provides a way to extend a Kerberos-based single sign-on environment to web applications: over HTTP the server challenges with WWW-Authenticate: Negotiate and the browser answers with Authorization: Negotiate <base64 token> (RFC 4559), inside which the client lists the mechanisms it supports, in preference order, and carries its Kerberos ticket. If the client cannot obtain a ticket the negotiation can fall back to NTLM, so the mechanism actually selected should be checked rather than assumed.
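
The XACML PEP/PDP processing model above, as an added example that is not part of the original note and not code from any XACML product: a Policy with a Target, an ordered list of Rules (each with Target, Condition and Effect) and a rule-combining algorithm, evaluated by a PDP that returns one of the four XACML decisions, and a PEP that enforces it. The XML syntax is replaced by plain Python predicates; the attribute names and the "patient record" policy are constructed for illustration.

```python
# Added example: a minimal XACML-style PEP/PDP in plain Python. Not code from the original page
# or from any XACML product. It keeps the XACML processing model (Policy -> Target, ordered Rules
# with Target/Condition/Effect, a rule-combining algorithm, four possible decisions) but drops the
# XML syntax. The attribute names and the sample "patient record" policy are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List

Request = Dict[str, Dict[str, str]]      # {"subject": {...}, "resource": {...}, "action": {...}}
Predicate = Callable[[Request], bool]    # an XACML Target or Condition, as a Python predicate

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

def match_all(_req: Request) -> bool:
    """An empty XACML Target matches every request."""
    return True

@dataclass
class Rule:
    rule_id: str
    effect: str                          # PERMIT or DENY
    target: Predicate = match_all
    condition: Predicate = match_all

    def evaluate(self, req: Request) -> str:
        try:
            if not self.target(req):
                return NOT_APPLICABLE
            return self.effect if self.condition(req) else NOT_APPLICABLE
        except KeyError:                 # missing attribute: Indeterminate, never a silent Permit
            return INDETERMINATE

def combine(algorithm: str, results: List[str]) -> str:
    """Simplified forms of the standard XACML rule-combining algorithms."""
    if algorithm == "deny-overrides":
        order = (DENY, INDETERMINATE, PERMIT)
    elif algorithm == "permit-overrides":
        order = (PERMIT, INDETERMINATE, DENY)
    elif algorithm == "first-applicable":
        return next((r for r in results if r != NOT_APPLICABLE), NOT_APPLICABLE)
    else:
        raise ValueError(f"unknown combining algorithm {algorithm}")
    return next((d for d in order if d in results), NOT_APPLICABLE)

@dataclass
class Policy:
    policy_id: str
    rules: List[Rule]
    target: Predicate = match_all
    combining: str = "deny-overrides"

    def evaluate(self, req: Request) -> str:     # the PDP
        try:
            if not self.target(req):
                return NOT_APPLICABLE
        except KeyError:
            return INDETERMINATE
        return combine(self.combining, [rule.evaluate(req) for rule in self.rules])

# Constructed sample policy for resources of type "record".
RECORDS_POLICY = Policy(
    policy_id="patient-records",
    target=lambda r: r["resource"]["type"] == "record",
    rules=[
        Rule("deny-terminated-staff", DENY,
             condition=lambda r: r["subject"].get("status") == "terminated"),
        Rule("doctor-may-read", PERMIT,
             target=lambda r: r["action"]["id"] == "read",
             condition=lambda r: r["subject"]["role"] == "doctor"),
        Rule("owner-full-access", PERMIT,
             condition=lambda r: r["subject"]["id"] == r["resource"]["owner"]),
    ],
)

def pdp_decide(subject: Dict[str, str], resource: Dict[str, str], action: str) -> str:
    """Build the XACML request context from the attributes and ask the PDP."""
    return RECORDS_POLICY.evaluate({"subject": subject, "resource": resource, "action": {"id": action}})

def pep_allow(subject: Dict[str, str], resource: Dict[str, str], action: str) -> bool:
    """The PEP: fail closed, only an explicit Permit grants access."""
    return pdp_decide(subject, resource, action) == PERMIT

if __name__ == "__main__":
    record = {"type": "record", "owner": "p42"}
    print(pdp_decide({"id": "d1", "role": "doctor"}, record, "read"))                          # Permit
    print(pdp_decide({"id": "d1", "role": "doctor", "status": "terminated"}, record, "read"))  # Deny
    print(pdp_decide({"id": "x"}, record, "read"))                                            # Indeterminate
```

The point to take from it is the PEP: a request that matches no rule yields NotApplicable, and a request missing an attribute yields Indeterminate; both must be enforced as a denial, which is why pep_allow compares against Permit only.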

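The SPNEGO exchange described above, as an added example that is not part of the original note and not code from any vendor's implementation: it takes the value of an Authorization: Negotiate header, unwraps the GSS-API InitialContextToken (RFC 2743), and, when the mechanism is SPNEGO, reads the mechTypes list of the NegTokenInit (RFC 4178) to report which mechanisms the browser offered and in what order. That is the check a practitioner wants when "Kerberos SSO" silently turns into NTLM. The DER reader is a small hand-written TLV parser covering only what this structure needs, the mechanism OIDs are the standard registered ones, and the sample headers are constructed here with the same encoder rather than captured from a real client (their inner mechToken bytes are placeholders, not real tickets).

```python
# Added example: inspect an "Authorization: Negotiate <base64>" header (RFC 4559) and report
# which GSS-API mechanisms the client offered (SPNEGO NegTokenInit, RFC 4178). Not code from the
# original page or any vendor; the DER reader is a minimal hand-written TLV parser, and the
# sample headers are constructed below with the same encoder rather than captured from a client.
import base64
from typing import Dict, List, Tuple

MECH_NAMES = {
    "1.3.6.1.5.5.2": "SPNEGO",
    "1.2.840.113554.1.2.2": "Kerberos V5",
    "1.2.840.48018.1.2.2": "Kerberos V5 (Microsoft legacy OID)",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

def der(tag: int, content: bytes) -> bytes:
    """DER TLV; long-form length when the content is 128 bytes or more."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, high bit set on all but the last byte
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))

def decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0   # first byte packs arcs 1 and 2
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def read_tlv(buf: bytes, tag: int, pos: int = 0) -> Tuple[bytes, int]:
    """Read the DER element at buf[pos:], require the given tag, return (value, next position)."""
    got, length, pos = buf[pos], buf[pos + 1], pos + 2
    if got != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, got 0x{got:02x}")
    if length & 0x80:                 # long form: number of length bytes follows
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return value, pos + length

def inspect_negotiate(header_value: str) -> Dict[str, object]:
    """Return the outer token type and the ordered list of mechanisms the client offered."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        raise ValueError("not a Negotiate header")
    if not b64:                                   # bare "Negotiate" is the server's challenge
        return {"outer": "challenge", "mechs": []}
    token = base64.b64decode(b64)
    if token.startswith(b"NTLMSSP\x00"):          # some clients put a raw NTLM message here
        return {"outer": "raw NTLMSSP", "mechs": ["NTLMSSP"]}
    body, _ = read_tlv(token, 0x60)               # GSS-API InitialContextToken (RFC 2743 3.1)
    oid, pos = read_tlv(body, 0x06)               # thisMech
    mech = MECH_NAMES.get(decode_oid(oid), decode_oid(oid))
    if mech != "SPNEGO":                          # e.g. a bare Kerberos token
        return {"outer": mech, "mechs": [mech]}
    neg_init, _ = read_tlv(body, 0xA0, pos)       # NegotiationToken CHOICE [0] negTokenInit
    seq, _ = read_tlv(neg_init, 0x30)
    mech_types, _ = read_tlv(seq, 0xA0)           # [0] mechTypes
    oid_list, _ = read_tlv(mech_types, 0x30)      # SEQUENCE OF MechType, in preference order
    mechs, p = [], 0
    while p < len(oid_list):
        oid, p = read_tlv(oid_list, 0x06, p)
        mechs.append(MECH_NAMES.get(decode_oid(oid), decode_oid(oid)))
    return {"outer": "SPNEGO", "mechs": mechs}

def sso_status(header_value: str) -> str:
    """'kerberos' when Kerberos is the preferred mechanism; 'ntlm-fallback' when only NTLM is offered."""
    mechs = inspect_negotiate(header_value)["mechs"]
    if mechs and "Kerberos" in mechs[0]:
        return "kerberos"
    if any("Kerberos" in m for m in mechs):
        return "kerberos-not-preferred"
    return "ntlm-fallback" if "NTLMSSP" in mechs else "unknown"

def build_neg_token_init(mech_oids: List[str], mech_token: bytes) -> str:
    """Encode a Negotiate header carrying a SPNEGO NegTokenInit (used for the constructed samples)."""
    mech_list = der(0x30, b"".join(encode_oid(o) for o in mech_oids))
    neg_init = der(0x30, der(0xA0, mech_list) + der(0xA2, der(0x04, mech_token)))
    return "Negotiate " + base64.b64encode(der(0x60, encode_oid("1.3.6.1.5.5.2") + der(0xA0, neg_init))).decode()

# Constructed samples; the mechToken bytes are placeholders, not real Kerberos tickets or NTLM messages.
KERBEROS_HEADER = build_neg_token_init(
    ["1.2.840.48018.1.2.2", "1.2.840.113554.1.2.2", "1.3.6.1.4.1.311.2.2.10"], b"\x60\x00")
NTLM_FALLBACK_HEADER = build_neg_token_init(["1.3.6.1.4.1.311.2.2.10"], b"NTLMSSP\x00\x01\x00\x00\x00")
RAW_NTLM_HEADER = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
```

Run sso_status over the Authorization headers in a web server or gateway access log: a Windows client with a valid ticket lists a Kerberos OID first, while a NegTokenInit that offers only NTLMSSP, or a token that starts with the literal NTLMSSP signature, means the single sign-on did not use Kerberos at all and the request should be investigated rather than counted as a Kerberos login.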
