[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scope of applicability for CUI

To: Avi Lior <avi@bridgewatersystems.com>
Subject: Re: Scope of applicability for CUI
From: Jari Arkko <jari.arkko@piuha.net>
Date: Mon, 20 Dec 2004 22:30:35 +0200
Cc: Emile van Bergen <openradius-radextwg@e-advies.nl>, radiusext@ops.ietf.org
In-reply-to: <F17FB067A86B2D488382C923C532EAA7024A4E82@exch01.bridgewatersys.com>
Organization: None
References: <F17FB067A86B2D488382C923C532EAA7024A4E82@exch01.bridgewatersys.com>
Reply-to: jari.arkko@piuha.net
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316

Avi Lior wrote:

An intermediate proxy when seeing Authentication/Authorization traffic can't
correlated it to a specific user when methods such as EAP are being used.

The only thing a intermediary can do is use class to correlate an accounting
stream with a authentication stream. But it can't correlate that to a
specific user.

So if iPass wants to limit how many times John logs in (and they do) then
they would not be able to do so when certain EAP methods are being used.


Agreed. This is for me the prime reason why CUI is needed.

--Jari


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Scope of applicability for CUI
  - From: Emile van Bergen <openradius-radextwg@e-advies.nl>

References:
- RE: Scope of applicability for CUI
  - From: Avi Lior <avi@bridgewatersystems.com>

Prev by Date: RE: Scope of applicability for CUI
Next by Date: Re: Scope of applicability for CUI
Previous by thread: RE: Scope of applicability for CUI
Next by thread: Re: Scope of applicability for CUI
Index(es):
- Date
- Thread