[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAI decoration: User Identity issues




Speaking as a trusted intermediary:

iPass supports a variety of billing models including usage based,
per-user flat rate, and pooled flat rate. The flat rate billing plans
require that each unique user be identifiable, with the identification
being persistent over a billing period (most often a month).

Even for straight usage based billing plans, it is necessary to have a
unique persistent identification for each user in order to detect
unusual roaming patterns such as concurrent sessions or someone's
credentials being used in geographically distributed locations.

To specifically answer your question below, we produce detailed call
records for every session that runs across our network. Many of our
customers correlate the information we give them down to the individual
user level. Enterprises use this to understand what their power-users
are up to and ISPs use this to bill from.

In summary, whatever mechanisms are adopted for privacy protection need
to support persistent unique identification of a given user over an
arbitrary billing period/usage period and also need to maintain the
integrity of the routing information in the original NAI.

-Roy 

Roy D. Albert
ralbert@ipass.com
 

-----Original Message-----
From: Nelson, David [mailto:dnelson@enterasys.com] 
Sent: Thursday, July 15, 2004 11:19 AM
To: Avi Lior
Cc: radiusext@ops.ietf.org
Subject: RE: NAI decoration: User Identity issues

> The intent of User-Alias in the draft (note the draft calls it
User-Alias
> as opposed to Billable-Identity) is to allow intermediaries to
associate
> this AAA transaction with an actual User without revealing the
identity
> of the user.  It's a handle to a user.

And from a business perspective the intermediates do what with the
User-Alias?  Use it to prepare a detailed monthly billing statement for
each home entity, including session times for all the User-Aliases?
Just curious.

-- Dave



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>