Glen Zorn writes:
> The encoding of the attributes in 5580 isn't really so unusual: similar
> encodings have been around for years (see the CHAP-Password (RFC 3588) & the
> tunnel attributes (RFC 2868)).

The expected use of the Operator-Name attribute is, obviously, to carry
a unique operator identifier, be it a registered domain name or some
officially assigned id. For some applications, a global identifier is
not required or perhaps even harmful. I do not feel too happy about
eduroam Access-Request packets possibly carrying a user certificate with
his real name, or an unhidden e-mail address, accompanied by the domain
name of the visited network. It's true that home institutions should
take care that users do not display their true identity and one could
say, why should we be worried if they do not do that, but still, we
(eduroam) do not need this open identifier of the institution. In fact,
the visited network could produce a different identifier for every realm
it needs to contact.

So now a suggestion. Would it be acceptable to register a namespace ID
for "private" usage, something like the private IP address classes?
An Operator-Name value tagged this way would then be known to contain
stuff that is not guaranteed to be universally unique and does not
adhere to any universal syntax (except being ASCII text).

Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
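
The per-realm identifier idea from the message above, as an added example that is not part of the original post or of any RFC: a visited network derives an opaque Operator-Name value from a local secret and the home realm, then encodes it as RADIUS attribute 126 (RFC 5580). The namespace ID `X`, the HMAC-based derivation, and all function names are assumptions made for illustration; no "private" namespace ID is registered on this page.

```python
import base64
import hashlib
import hmac

OPERATOR_NAME_TYPE = 126       # RADIUS attribute type of Operator-Name (RFC 5580)
PRIVATE_NAMESPACE_ID = b"X"    # hypothetical placeholder, not a registered namespace ID


def private_operator_id(secret: bytes, home_realm: str, length: int = 16) -> bytes:
    """Opaque ASCII id: stable for one home realm, unlinkable across realms."""
    realm = home_realm.strip().lower().encode("ascii")   # realms compare case-insensitively
    digest = hmac.new(secret, realm, hashlib.sha256).digest()
    return base64.b32encode(digest)[:length].lower()


def encode_operator_name(namespace_id: bytes, value: bytes) -> bytes:
    """Type, Length, then text whose first octet is the namespace ID."""
    if len(namespace_id) != 1:
        raise ValueError("namespace ID is a single octet")
    value.decode("ascii")                                # value must be ASCII text
    body = namespace_id + value
    if len(body) > 253:                                  # RADIUS attribute length limit
        raise ValueError("attribute value too long")
    return bytes([OPERATOR_NAME_TYPE, len(body) + 2]) + body


def operator_name_for(secret: bytes, user_name: str) -> bytes:
    """Build the attribute for an Access-Request routed by the User-Name realm."""
    _, sep, realm = user_name.rpartition("@")
    if not sep or not realm:
        raise ValueError("User-Name carries no realm")
    return encode_operator_name(PRIVATE_NAMESPACE_ID,
                                private_operator_id(secret, realm))


if __name__ == "__main__":
    secret = b"constructed-demo-secret"                  # constructed sample value
    for name in ("anonymous@uni-a.example", "anonymous@uni-b.example"):
        print(name, operator_name_for(secret, name).hex())
```

The home institution sees the same value on every request from this visited network, so it can still correlate sessions, but two home realms cannot match their values against each other and the value does not reveal the visited network's domain name.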