The connection between the device and the ACS is not permanent.
The device establishes the connection with the ACS only at specific
points in time. It usually lasts several seconds, just enough to exchange all
necessary messages between CPE and the ACS. This short exchange of
messages is called a provisioning session.
The provisioning session is divided into a few phases:
The session is always initialized by the device that connects to the ACS.
The ACS must verify a username and a password provided by the
device to continue the session. By default the password is not sent
publicly because HTTP Digest method is used. Additional security of
the authentication can be achieved by using the HTTPS protocol with
mutual certificates verification.
Devices are identified on the basis of information sent during
initialization of the provisioning session. Namely, a device's serial
number and manufacturer's unique identifier that together constitute a
main identifier of the device in the ACS. A MAC address is not used as
the identifier but it is saved by the ACS, making it easier to find the
device in the ACS GUI later on.
Tasks execution on the device
When the device is identified and its communication part ends, a key
phase of the session starts - the ACS orders various tasks on the
device. These might include reading or saving parameters, performing
diagnostics, rebooting or ordering file transfers.
When all planned tasks have been ordered, the device closes the
session. Any further tasks need initialization of a new session.