
RE: AW: -01 version of Chargeable User Identity



Hi Barney, all

No, the NAS is not going to bill the end-user directly.  But, it could
use a unique identity (known by the home network) that can be associated
to a session, for possible charging disputes in future.  In general, a
unique identity (known by the home network) is useful to all parties
involved in a *roaming* transaction for correlating the authentication and
accounting packets.  I think we all are in agreement on this point.  Now
whether or not this can be addressed by Class(25), UserName(1), or a new
attribute CUI is under debate here.  On the use of the Class(25) attribute
(which was mostly discussed in this thread), it does not address the problem
completely, as its content is opaque and cannot be interpreted by the
entities outside the home network.  Of course, in roaming situations
where there is a bilateral agreement between parties on use and
interpretation of the Class(25) attribute, it works.  But, we don't
think bilateral agreements scale in complex global roaming.

The proposed CUI attribute is optional, hence it should be used where
there is a need for it.  In situations where the Class(25) attribute
works fine, there is no need to introduce CUI.

BR,
Farid  


> 
> I still don't understand the local (ie, NAS) problem.  It's not going
> to bill the end user directly, in any scenario that makes business sense.
> If for no other reason, it has no billing address or credit card number,
> just, even given CUI, joeblow@example.com.  So for whom is CUI intended?
> 
> > However, the argument was made that if the "local realm" needs assurance,
> > it can't get this from Class, since that this attribute is to be treated
> > as opaque data by RADIUS clients.  So I think the argument for CUI is one
> > that originates from the local realm, not the home server.
> 
> What does "assurance" mean?  Does it mean that somehow the Access-Accept
> is more trustworthy because the home server said it was joeblow@example.com
> rather than just anony.mouse@example.com?  Why does the NAS's owner care?
> 
> > Does this make sense??
> 
> Call me stubborn, but I still see the only scenario where CUI is required
> would be where the access and accounting servers are run by different
> organizations that fail to negotiate a format for Class, and where (despite
> that) the accounting server is willing to trust what the access server
> says about the user's identity.  I find it hard to believe this is a real
> case, or to sympathize if it is.
> 
> Oh, wait.  We did hear the scenario.  The NAS or proxy is pricing based on
> the maximum number of distinct users per time-period, rather than on total
> minutes of use or number of calls or anything else easy to record.  For this
> we are talking about attribute support negotiation, servers keeping state
> on NAS capabilities and such?
> 
> -- 
> Barney Wolff         http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.
> 
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 
