Re: Chargeable-User-Identity

[Stefan Winter <stefan.winter@restena.lu>]

Hi,

> Yes.  In drafting the document, support for anonymity of the user was a
> requirement.  It was felt that a long-lived ID could be used to track the
> user and violate his/her privacy, and thus the CUI *could* be short-lived.
> IIRC, it need not be however.
>
> Exactly what normative text of the RFC do you think prohibits you from using
> long-lived IDs?
>   


It is of course possible to use long-lived IDs. Our concern comes from
using long-lived, *globally valid* IDs. If there are many service
providers in an infrastructure, and all get the same CUI, they could
co-operate and create a mobility profile for the user.
One approach is to keep a global CUI, but make its lifetime rather
short. That is not the intention of CUI as a semi-permanent identifier
though. So we are trying to pursue this other way; but then, a handle to
distinguish service providers from one another becomes necessary.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>