[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Scope of applicability for CUI

To: "'Nelson, David'" <dnelson@enterasys.com>
Subject: RE: Scope of applicability for CUI
From: Avi Lior <avi@bridgewatersystems.com>
Date: Thu, 16 Dec 2004 16:09:16 -0500
Cc: "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>

David,

> If so, how is linking the use of CUI to the use of EAP 
> authentication inappropriate?

Why is it necessary?

> -----Original Message-----
> From: Nelson, David [mailto:dnelson@enterasys.com] 
> Sent: Thursday, December 16, 2004 1:29 PM
> To: radiusext@ops.ietf.org
> Subject: RE: Scope of applicability for CUI
> 
> 
> 
> Avi Lior writes...
> 
> > There maybe others that I am not aware of.
> 
> It's hard to design practical and interoperable protocols to 
> meet the requirements of unknown use cases -- so perhaps we 
> can focus on the known ones.
> 
> > But these specific once are the once that we have seen 
> requests for. I 
> > believe these are mentioned in the draft as request by folks here.
> 
> OK.  Since User-Name re-write is considered "evil" in roaming 
> applications, because it changes the routing for RADIUS 
> request traffic, can we assume that only addressing use case 
> (B) is sufficient to meet the current needs?
> 
> If so, how is linking the use of CUI to the use of EAP 
> authentication inappropriate?
> 
> > > A) when the User-Name re-write feature (for accounting
> > > purposes) obscures the original authentication identity, or
> > >
> > > B) when the RADIUS authentication method is EAP, allowing for a 
> > > "method internal" user identity for authentication, and an 
> > > "anonymous" or "routing-only" value in User-Name.
> > >
> > > These use cases are further restricted to multi-party 
> (e.g. roaming
> > > consortia) environments, because for deployments where 
> the NAS and 
> > > the Home RADIUS server belong to a single administrative 
> entity the 
> > > Class attribute has been seen to be sufficient.
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: CUI - issues addressed in version 3
Next by Date: RE: Scope of applicability for CUI
Previous by thread: RE: Scope of applicability for CUI
Next by thread: RE: Scope of applicability for CUI
Index(es):
- Date
- Thread