Re: AW: Privacy (Was: Re: NAI decoration: User Identity issues)

[Klaas Wierenga <Klaas.Wierenga@SURFnet.nl>]

Lothar Reith wrote:

Lothar,

> Is there any reason that the roaming consortium or the local access 
> network *needs* to know the  *true" user identity, in case of the 
> authenticating user (or the home network) requesting privacy ?

Possibly. In the Netherlands most universities are in such a 'roaming 
consortium' to provide guest access to eachothers wireless LANs based on 
802.1X+RADIUS. Some universities want to know the real identity of a 
user in case of abuse. The alternative is to agree on a logging format 
so that abuse can be tracked down by contacting the home organisation of 
the user, but this may be difficult (many log entries for 
anonymous@university-a.nl) and requires in any case a lot of coordination.
And a bit further along the road, possibly the visited institution wants 
to do more advance authorisation based on the identity of the user (did 
he complete math101, is he a staff member etc.)

Klaas

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>