[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RADIUS Extension for Management Authorization Draft

To: "Barney Wolff" <barney@databus.com>
Subject: RE: RADIUS Extension for Management Authorization Draft
From: "Nelson, David" <dnelson@enterasys.com>
Date: Thu, 15 Jul 2004 16:33:43 -0400
Cc: <radiusext@ops.ietf.org>

Barney Wolff writes... 

> I agree completely with split-horizon.  That's why I'm uncomfortable
with
> SSO.  I'd be much happier if the outside user had to go through two
> stages, one to get "inside" and the next to do things on the NAS.

I agree that three are potential security issues with SSO in a
multi-party proxy RADIUS environment.  I also believe that SSO has real
value and applicability in enterprise environments, which typically have
a single administrative domain.  For that reason, I think it is worthy
of consideration.  The issues you raise can be addressed effectively
using the split-horizon approach.

-- Dave



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: NAI decoration: User Identity issues
Next by Date: RE: NAI decoration: User Identity issues
Previous by thread: Re: RADIUS Extension for Management Authorization Draft
Index(es):
- Date
- Thread