
Re: Scope of applicability for CUI



On Tue, Dec 21, 2004 at 04:14:52PM -0500, Nelson, David wrote:
> 
> There have been suggestions made that the content of CUI has some local
> semantics at the NAS or a Proxy, beyond its utility for inclusion in
> on-line or off-line accounting records.  To the extent that common use
> cases for local semantics (e.g. limitation of simultaneous logins) are
> identified, they should be documented, in the interest of global,
> multi-vendor interoperability.
> 
> Given this description of CUI, what is the utility of the opaque data
> format of CUI?  I understand that opaqueness can be rendered transparent
> with the bilateral sharing of proprietary information, pursuant to a
> business contract.  However, that exception notwithstanding, if the
> intent of CUI is visibility and utility to the NAS and to the Proxies, I
> suggest that the opaque data format be removed from the draft.

Whether the CUI is opaque or an NAI does not change the fact that
it should be meaningful only to the home server.  The only test
that the NAS/proxy should be able to make on CUI is for equality
to some previously seen CUI.  Otherwise the privacy of the user has
been compromised for no legitimate reason.  A business agreement
on how long a one-to-one relation between CUI and the "true" user
identity must persist does not depend in any way on the form of the
CUI.  Given that, I would have said the opposite, that CUI should
always be an opaque octet string.

Regards,
Barney

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
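
The equality-only use of CUI argued for in the reply above, as an added example that is not part of the original message or of the draft. It assumes a home server that derives the CUI with a truncated HMAC over the user identity and a period counter; `make_cui`, `SessionLimiter`, the key and the sample identities are all hypothetical.

```python
import hashlib
import hmac

def make_cui(home_key: bytes, user_identity: str, period: int) -> bytes:
    """Home server side: opaque octet string, stable for one agreed period.

    Assumption: HMAC-SHA256 truncated to 16 octets. Only the key holder
    can relate the result to the true user identity.
    """
    msg = period.to_bytes(8, "big") + b"\x00" + user_identity.encode("utf-8")
    return hmac.new(home_key, msg, hashlib.sha256).digest()[:16]

class SessionLimiter:
    """NAS/proxy side: never parses the CUI, only compares it for equality."""

    def __init__(self, max_sessions: int):
        self.max_sessions = max_sessions
        self._active = {}  # opaque CUI octets -> set of active session ids

    def start(self, cui: bytes, session_id: str) -> bool:
        sessions = self._active.setdefault(cui, set())
        if session_id not in sessions and len(sessions) >= self.max_sessions:
            return False  # simultaneous-login limit reached for this CUI
        sessions.add(session_id)
        return True

    def stop(self, cui: bytes, session_id: str) -> None:
        sessions = self._active.get(cui)
        if sessions is not None:
            sessions.discard(session_id)
            if not sessions:
                del self._active[cui]

def demo() -> dict:
    key = b"constructed-home-server-key"  # constructed sample value
    alice = make_cui(key, "alice@example.org", period=1)
    bob = make_cui(key, "bob@example.org", period=1)
    nas = SessionLimiter(max_sessions=1)
    return {
        "first_login": nas.start(alice, "s1"),
        "second_login": nas.start(alice, "s2"),
        "other_user": nas.start(bob, "s3"),
        "next_period_differs": make_cui(key, "alice@example.org", 2) != alice,
    }

if __name__ == "__main__":
    print(demo())
```

The limiter works the same whatever form the CUI takes, and the period counter shows that how long the one-to-one relation persists is a home-server choice independent of that form.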
