RE: Scope of applicability for CUI

["Nelson, David" <dnelson@enterasys.com>]

Avi Lior writes...

> There maybe others that I am not aware of.

It's hard to design practical and interoperable protocols to meet the
requirements of unknown use cases -- so perhaps we can focus on the
known ones.

> But these specific once are the once that we have seen requests for.
> I believe these are mentioned in the draft as request by folks here.

OK.  Since User-Name re-write is considered "evil" in roaming
applications, because it changes the routing for RADIUS request traffic,
can we assume that only addressing use case (B) is sufficient to meet
the current needs?

If so, how is linking the use of CUI to the use of EAP authentication
inappropriate?

> > A) when the User-Name re-write feature (for accounting
> > purposes) obscures the original authentication identity, or
> >
> > B) when the RADIUS authentication method is EAP, allowing for
> > a "method internal" user identity for authentication, and an
> > "anonymous" or "routing-only" value in User-Name.
> >
> > These use cases are further restricted to multi-party (e.g. roaming
> > consortia) environments, because for deployments where the
> > NAS and the Home RADIUS server belong to a single
> > administrative entity the Class attribute has been seen to be
> > sufficient.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>