An apparatus (such as a AAA node of a core/operator network) receives from a relying party an initial credit control request that bears first information comprising a relying party identifier, a service context identifier for a service to be provided by the relying party, and a token that authenticates a subscriber. The first information is extracted and forwarded to a core network accounting server that stores account information for the subscriber. The relying party is not within the core network. In reply to forwarding the extracted first information, the apparatus receives from the accounting server a credit control answer that bears second information comprising the relying party identifier, the service context identifier, and a grant indicating the subscriber may be charged a fee for the service to be provided by the relying party. The second information is extracted and forwarded to the relying party.