
Re: AW: -01 version of Chargeable User Identity



On Thu, Oct 21, 2004 at 07:29:05PM -0700, Bernard Aboba wrote:
> > > I think this is not a real issue, at least for the NAS.  After all, the
> > > NAS (perhaps with proxy help) managed to get the Access-Request to a
> > > server that was willing to -Accept.  The bill must go to the organization
> > > responsible for that server.  Whether the server can then bill some
> > > individual/organization is the server's problem, not the NAS's.
> > >
> > > Surely as a matter of ordinary business practice, a server cannot say
> > > "provide service" but then refuse to accept billing for that service.
> 
> But in a roaming situation, it is the problem of the local realm that
> provided the service, not the "home server", no?  If it is purely the
> problem of the "home server" then the Class attribute can be used by
> the home server and there is no need for CUI, as you point out.

I still don't understand the local (i.e., NAS) problem.  It's not going
to bill the end user directly, in any scenario that makes business sense.
If for no other reason, it has no billing address or credit card number,
just, even given CUI, joeblow@example.com.  So for whom is CUI intended?

> However, the argument was made that if the "local realm" needs assurance,
> it can't get this from Class, since this attribute is to be treated
> as opaque data by RADIUS clients.  So I think the argument for CUI is one
> that originates from the local realm, not the home server.

What does "assurance" mean?  Does it mean that somehow the Access-Accept
is more trustworthy because the home server said it was joeblow@example.com
rather than just anony.mouse@example.com?  Why does the NAS's owner care?

> Does this make sense??

Call me stubborn, but I still see the only scenario where CUI is required
would be where the access and accounting servers are run by different
organizations that fail to negotiate a format for Class, and where (despite
that) the accounting server is willing to trust what the access server
says about the user's identity.  I find it hard to believe this is a real
case, or to sympathize if it is.

Oh, wait.  We did hear the scenario.  The NAS or proxy is pricing based on
the maximum number of distinct users per time-period, rather than on total
minutes of use or number of calls or anything else easy to record.  For this
we are talking about attribute support negotiation, servers keeping state
on NAS capabilities and such?

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

archive: <http://psg.com/lists/radiusext/>