[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Chargeable-User-Identity

To: <radiusext@ops.ietf.org>
Subject: RE: Chargeable-User-Identity
From: "David B. Nelson" <dnelson@elbrysnetworks.com>
Date: Mon, 10 Aug 2009 10:59:02 -0400
In-reply-to: <4A80250A.8050808@restena.lu>
Organization: Elbrys Networks, Inc.
References: <4A7FBEFA.2030702@restena.lu> <7EAFF0A0A1794D3EBD594F70458D9983@NEWTON603> <4A80250A.8050808@restena.lu>

Stefan Winter writes...

> It is of course possible to use long-lived IDs.

OK.

> Our concern comes from using long-lived, *globally
> valid* IDs.

Globally valid?  CUI was intended to be valid only to its issuer, i.e., it's
a "cookie".  All other bets are off.  I see that your use case requires a
globally unique surrogate user identifier that NASes and Proxies can use to
build user blacklists.  I'm not sure that the definition of CUI exactly fits
the bill, in that it's possible for two disjoint home AAA servers to issue
the same CUI for completely different users.  Unlikely, perhaps, but
possible.

> That is not the intention of CUI as a semi-permanent identifier
> though. 

Correct.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Chargeable-User-Identity
  - From: Tomasz Wolniewicz <twoln@umk.pl>

References:
- Chargeable-User-Identity
  - From: Stefan Winter <stefan.winter@restena.lu>
- RE: Chargeable-User-Identity
  - From: "Dave Nelson" <d.b.nelson@comcast.net>
- Re: Chargeable-User-Identity
  - From: Stefan Winter <stefan.winter@restena.lu>

Prev by Date: AW: REMINDER: Call for adoption of RADIUS for IPv6 Access Networks document as a WG work item
Next by Date: RE: Chargeable-User-Identity
Previous by thread: Re: Chargeable-User-Identity
Next by thread: Re: Chargeable-User-Identity
Index(es):
- Date
- Thread