[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Scope of applicability for CUI
Hi Barney,
>
> On Tue, Dec 21, 2004 at 04:14:52PM -0500, Nelson, David wrote:
> >
> > There have been suggestions made that the content of CUI has some local
> > semantics at the NAS or a Proxy, beyond its utility for inclusion in
> > on-line or off-line accounting records. To the extent that common use
> > cases for local semantics (e.g. limitation of simultaneous logins) are
> > identified, they should be documented, in the interest of global,
> > multi-vendor interoperability.
> >
> > Given this description of CUI, what is the utility of the opaque data
> > format of CUI? I understand that opaqueness can be rendered transparent
> > with the bilateral sharing of proprietary information, pursuant to a
> > business contract. However, that exception notwithstanding, if the
> > intent of CUI is visibility and utility to the NAS and to the Proxies, I
> > suggest that the opaque data format be removed from the draft.
>
> Whether the CUI is opaque or an NAI does not change the fact that
> it should be meaningful only to the home server. The only test
> that the NAS/proxy should be able to make on CUI is for equality
> to some previously seen CUI. Otherwise the privacy of the user has
> been compromised for no legitimate reason. A business agreement
> on how long a one-to-one relation between CUI and the "true" user
> identity must persist does not depend in any way on the form of the
> CUI. Given that, I would have said the opposite, that CUI should
> always be an opaque octet string.
I agree with your interpretation. I don't see how the opaqueness hurts
interoperability here.
John
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>