[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on "RADIUS Design Guidelines" document

To: Bernard Aboba <bernard_aboba@hotmail.com>
Subject: Re: Comments on "RADIUS Design Guidelines" document
From: Alan DeKok <aland@deployingradius.com>
Date: Tue, 03 Mar 2009 19:02:54 +0100
Cc: "radiusext@ops.ietf.org" <radiusext@ops.ietf.org>
In-reply-to: <BLU137-W4267E42820AD3DCB8F1DF393AD0@phx.gbl>
References: <BLU137-W53F361CCAAD44C8AF38EC693AF0@phx.gbl> <EDC652A26FB23C4EB6384A4584434A040145377A@307622ANEX5.global.avaya.com> <BLU137-W28E963586D36F1862428C993AC0@phx.gbl> <49A64FDD.7070104@deployingradius.com> <BLU137-W285F8A00E55A9EB7FA239B93AD0@phx.gbl> <49A6CBC7.1090403@deployingradius.com> <BLU137-W4267E42820AD3DCB8F1DF393AD0@phx.gbl>
User-agent: Thunderbird 2.0.0.19 (Macintosh/20081209)

Bernard Aboba wrote:
>> > OK. The question still remains, though. If an attribute is only used in
>> > Accounting-Request packets, does the argument against complex
>> > attributes still apply?
>>
>> My preference would be to say yes, especially where the contents of
>> that attribute are interpreted by *later* policies on the server.
> 
> Now that we have RFC 5176, accounting data can be kept as "state" that is
> later used to construct CoA/Disconnect-Requests.  Is this what you mean?

  No.

  I mean billing based on information in the accounting packets, and
policies based on billing && the state of the user account.

  e.g. Some NAS vendors "helpfully" put traffic usage into a VSA, as a
set of text fields: "476 529 8836734 347474", as "packets in/out, octets
in/out".

  The fact that this is obviously stupid is beside the point.  *Any*
accounting data that is buried inside of a sub-field will magically
become critical information that some company needs to run their billing
engine.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Last look at "RADIUS Design Guidelines" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: Last look at "RADIUS Design Guidelines" document
  - From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
- Comments on "RADIUS Design Guidelines" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- Re: Comments on "RADIUS Design Guidelines" document
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Comments on "RADIUS Design Guidelines" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- Re: Comments on "RADIUS Design Guidelines" document
  - From: Alan DeKok <aland@deployingradius.com>
- RE: Comments on "RADIUS Design Guidelines" document
  - From: Bernard Aboba <bernard_aboba@hotmail.com>

Prev by Date: RE: Issue 282: cert validation, proposed text
Next by Date: IETF 74 Agenda - Take Two
Previous by thread: RE: Comments on "RADIUS Design Guidelines" document
Next by thread: submission of DNS-based dynamic discovery for RadSec (and DTLS)
Index(es):
- Date
- Thread