[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: AW: Privacy (Was: Re: NAI decoration: User Identity issues)

To: Barney Wolff <barney@databus.com>, Jari Arkko <jari.arkko@piuha.net>
Subject: RE: AW: Privacy (Was: Re: NAI decoration: User Identity issues)
From: Avi Lior <avi@bridgewatersystems.com>
Date: Tue, 20 Jul 2004 20:09:18 -0400
Cc: Lothar Reith <lothar.reith@nortelnetworks.com>, "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>

In proxy scenarios a RADIUS intermediary acts as a server and a client.

The Intermediary (acting as a server) can *completely* re-write the username
attribute as it sends the access accept message to its client. 

The only requirement is that a Client (in this case the intermediary )
replace the username that it received from it's server in the Acccounting
Messages that it sends to that server.

Because of this behavior it is *not* guaranteed that RADIUS Intermediaries
or the NAS will actually see what the home network has placed in the
username attribute in the access request.

User-Identity-Alias seperates the routing out and allows us to have cleaner
solutions.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: AW: Privacy (Was: Re: NAI decoration: User Identity issues)
  - From: Barney Wolff <barney@databus.com>

Prev by Date: Re: AW: Privacy (Was: Re: NAI decoration: User Identity issues)
Next by Date: RE: Privacy (Was: Re: NAI decoration: User Identity issues)
Previous by thread: Re: AW: Privacy (Was: Re: NAI decoration: User Identity issues)
Next by thread: Re: AW: Privacy (Was: Re: NAI decoration: User Identity issues)
Index(es):
- Date
- Thread