[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Scope of applicability for CUI
I am sure some of you folks are amuzed by the number of messages and the
circular nature that are being generated for an RFC with one attribute.
CUI is by agreement will be long lived. In some cases where the user's
privacy is not a concern CUI is very long lived.
In other cases it has a life time that is "long enough" to act as a handle
and not too long as to allow it to reveal the user identities. The business
relationship will dictate the length. Is it one billing period, is it a day
etc...
The value of class could change from second to second. In our implmenetation
it would change because it is signed and encrypted etc and the Class
associated with Joe's second login will be almost gauarnateed to be
different.
Avi
> -----Original Message-----
> From: Nelson, David [mailto:dnelson@enterasys.com]
> Sent: Tuesday, December 21, 2004 5:07 PM
> To: radiusext@ops.ietf.org
> Subject: RE: Scope of applicability for CUI
>
>
> Avi Lior writes...
>
> > Amongst other differences Class can change between
> authentications of
> the
> > same subscriber.
> >
> > Joe logs in Class = A
> > Joe logs in again Class = B.
>
> And given the finite lifetime of a single instance of CUI,
> who's to say that Joe won't get two different (temporary)
> instances of CUI upon successive logins? I don't see this as
> a fundamental (i.e. invariate, always true) difference
> between the attributes.
>
>
>
> --
> to unsubscribe send a message to
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>