[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Isms] RE: Follow up on Authorize Only issue

To: <isms@ietf.org>, <radiusext@ops.ietf.org>
Subject: RE: [Isms] RE: Follow up on Authorize Only issue
From: "Nelson, David" <dnelson@enterasys.com>
Date: Wed, 26 Jul 2006 16:03:22 -0400

Avi Lior writes...

> But 3576 and WG decided not to go there.

Unless I'm mistaken, RFC 3576 was not the work product of any WG.  It
occurred after the RADIUS WG closed, and prior to the RADEXT WG opening.

> In hindsight, Authorize/Authetnication/Callcheck/etc should have used
an
> attribute specifically for that purpose.

Perhaps.

> The lesson is that we should be learning is not to overload
attributes.

I agree.
 
> I think introducing another Authorize-Only semantic is bad as well. I
> think that saying that Authorize-Only is only a 3576 think flies in
the
> nature of all RADIUS RFCs.

There are potential disadvantages, primarily in terms of how existing
RADIUS servers are implemented, but I don't see this as quite so much of
a problem.

> Finally, in view of the overloading of Service-Type, the use of
> NAS-Port-Type to provide a context for the type of service being
> requested is not ideal but it does work.

IMHO, overloading NAS-Port-Type is as bad as, if not worse than,
overloading Service-Type.  Overloading is overloading.  Overloading is
bad.  ;-)


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Summary of Authorize Only issue
Next by Date: RE: Summary of Authorize Only issue
Previous by thread: RE: [Isms] RE: Follow up on Authorize Only issue
Next by thread: Summary of Authorize Only issue
Index(es):
- Date
- Thread