[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Dave Nelson wrote:
> Wait. Now you've got me confused. I though that Operator-Name was being
> proposed, in the eduroam usage scenario, to carry the name of the visited
> network. In other words, the name of a consortium member. Do you mean to
> convey that the names of the visited networks, the eduroam consortium
> members, are also considered private and sensitive? Gee...
Well, not the names of consortium members, but fact that a particular
user is in a particular location is, of course, private and sensitive.
Quoting from the abstract of RFC 5580:
The distribution of location information is a privacy-sensitive task.
Dealing with mechanisms to preserve the user's privacy is important
and is addressed in this document.
Since the visited network does not bill us for our users, we have no
reason to know where our user is, but more importantly, we would not
want this information to travel in the open.
We want to have the Operator-Name (or equivalent) for just one reason -
when we generate the CUI we want to do something like:
This way we will have different CUIs for the same user visiting
different networks and we will also be safe against a dictionary attack
against the User-Name when the Operator-Name is known).
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.