[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Mandating 3579 and 2486bis for CUI was RE: Scope of applicab ility for CUI
David,
See my last line first then....
We can dream one up if you want. But I don't think that that is necessary.
That is my point.
Just because I am not proposing another usecase that doesn't mean the it
should be made to work only with 3579 and 2486. That is my point and I
think that if you want to explicitly tie this to 3579 and 2486 you have to
justify that. And the justification must show that it wont work otherwise.
But if I cave in I can give you an example where the username and CUI maybe
different. And infact we have this implemented many many time in different
forms.
Family members may have one username for example: papabear@example.com,
mamabear@example.com etc,, while the billing identity is
thebearfamily@example.com. The billing identity may be required outside the
homenetwork.
In wholesale scenario we have situations where you are serving enterprises
where we need to allocate ports based on enterprizes so we can have
joe@example.com and frank@example.com both with CUI west.example.com and
sally@example.com and ann@example.com both with CUI east.example.com.
The CUI can be used to bill to different cost centers or to limits ports
based on west.example.com and east.example.com
So it goes on. Anyway there is no reason to limit the CUI use.
So yes I think we should simply "agree to disagree on this point".
> -----Original Message-----
> From: Nelson, David [mailto:dnelson@enterasys.com]
> Sent: Friday, December 17, 2004 4:35 PM
> To: radiusext@ops.ietf.org
> Subject: RE: Mandating 3579 and 2486bis for CUI was RE: Scope
> of applicability for CUI
>
>
> Avi Lior writes...
>
> > Please demonstrate why this MUST ONLY work if the NAS only deployed
> EAP
> > AND 2486.
>
> Unless we are using EAP/Anonymous authentication, please
> explain why Chargeable-User-ID ought not to be *identical* to
> User-Name? I understand that an implementation *could* make
> them arbitrarily different, but assuming that real
> authentication using visible identity is taking place, why
> would there be an over-riding *need* for these attributes to differ?
>
> Once someone explains the new use case where this makes any
> sense, then we might want to add that use case to the scope
> of applicability for CUI. The argument that some operator
> someday might come up with a good reason does not convince
> me. The fact that one *can* do something is never, IMHO, a
> good reason that one *should* do it. :-)
>
> I'm beginning to suspect that we may need to simply "agree to
> disagree" on this point.
>
>
>
> --
> to unsubscribe send a message to
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>