[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Scope of applicability for CUI (was: RE: AW: backwards compatible introduction of NEW attribute such as CU I)
- To: <firstname.lastname@example.org>
- Subject: Scope of applicability for CUI (was: RE: AW: backwards compatible introduction of NEW attribute such as CU I)
- From: "Nelson, David" <email@example.com>
- Date: Thu, 16 Dec 2004 13:07:16 -0500
Avi Lior writes...
> I stated this in another email but I want to do it here as well. I
> think that CUI should be tied down to 3579.
CUI is only *needed* when User-Name doesn't serve the purpose. What are
the use cases when User-Name isn't sufficient? I think they are:
A) when the User-Name re-write feature (for accounting purposes)
obscures the original authentication identity, or
B) when the RADIUS authentication method is EAP, allowing for a "method
internal" user identity for authentication, and an "anonymous" or
"routing-only" value in User-Name.
These use cases are further restricted to multi-party (e.g. roaming
consortia) environments, because for deployments where the NAS and the
Home RADIUS server belong to a single administrative entity the Class
attribute has been seen to be sufficient.
Are there any other relevant use cases?
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.