RE: Chargeable-User-Identity

["David B. Nelson" <dnelson@elbrysnetworks.com>]

Thomas Wolniewicz writes...

> We do not want to have a chance of sites collecting
> their data together and create user mobility profiles.

Ah.  CUI can accommodate that, in terms of accounting behavior.  As long as
the home AAA server retains all bindings between CUI and the actual user
identity for as long as may be needed for billing reconciliation, it can
issue a unique CUI for every authenticated "session".

That would preclude third parties from tracking the user's roaming behaviors
based on matching up CUI values.  Of course, it would also preclude third
parties from building user blacklists based on CUI values.

> So, when we generate the CUI value we want to feed in the
> User-Name and the visited network identifier and produce an
> opaque value.

I see.  You want a CUI that is re-used for access via a single remote access
provider, for purposes of blacklisting, but not re-used across multiple
providers to prevent them from sharing data and tracking user roaming
patterns.

That much is now clear.

> This is why we want a visited network identifier passed to
> the home institution.

Yep.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>