RE: Scope of applicability for CUI

[<john.loughney@nokia.com>]

Hi Jari,

> This is an interesting issue. But presumably *some* server
> will eventually learn the true user identity. If this server
> is the TTLS server, it can use CUI to inform the NAS. If this
> server is someone else, that server and the TTLS server need
> to communicate first so that the TTLS server can send the CUI
> to the NAS.
> 
> This also implies that the CUI is something that can be learned
> very late in the process, perhaps even as late as in the 
> Access-Accept.

I agree with this analysis.
 
> By the way, what would be the meaning of CUI for "pay as you go"
> type of approaches, e.g., micropayments or the like over EAP?
> There might not be any billable user identity; the only thing
> that could be provided in those cases is some kind of a session
> identifier so that the home AAA and the NAS can correlate their
> accounting records.

Correct, it could provide a session identifier; or more correctly
a temporary billable session identity.  I haven't thought of all of
the implications.

Actually, taking a step back, if there is a billable user identity,
which is still needed in the pay-as-you-go case, then the CUI can
be used to track & correlate accounting records.  This would be useful
in cases when the user connects and disconnects several times, but
the 'session' is longer than just one of the connection times. 
For example, if you in a hotel and fire-up WLAN in the morning, then
in the afternoon, then in the evening.  The 'session' might be your
entire stay.

John

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>