
Re: AW: Privacy (Was: Re: NAI decoration: User Identity issues)



Bernard Aboba wrote:

Bernard,

Possibly. In the Netherlands most universities are in such a 'roaming
consortium' to provide guest access to each other's wireless LANs based on
802.1X+RADIUS. Some universities want to know the real identity of a
user in case of abuse. The alternative is to agree on a logging format
so that abuse can be tracked down by contacting the home organisation of
the user, but this may be difficult (many log entries for
anonymous@university-a.nl) and requires in any case a lot of coordination.
And a bit further along the road, possibly the visited institution wants
to do more advanced authorisation based on the identity of the user (did
he complete math101, is he a staff member etc.).


Can this particular scenario be handled by the attributes that exist
(User-Name, Class) or are being discussed (Billable-Identity)?

To be totally honest, I don't know. I hope to get some students to investigate this. I really don't know what would be best/possible, use RADIUS for this or perhaps keep the RADIUS infrastructure relatively stupid and try to solve this in EAP (talking SAML over EAP??). Any thoughts on this would be appreciated.


Klaas

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>