Re: Scope of applicability for CUI

["Alan DeKok" <aland@ox.org>]

Barney Wolff <barney@databus.com> wrote:
> I beg to differ.  Class is simply an octet string sent, via a meandering
> route,

  I'm not sure what you mean by "a meandering route".  The
participants in the RADIUS conversation are well-known, and named.  We
should use those names to avoid miscommunication.

> from the sender of an Access-Accept to the receiver of an
> Accounting-Request.  Any interpretation of the octets is strictly up
> to those two parties, and no other characterization of Class can be made.

   I agree.  But for those two parties, the Class attribute
establishes some kind of "opaque token" which they have associated
with the session.  Semantically, this token is their determination of
the "identity" of the session, where they determine what that identity
means.

> CUI is indeed assigned by the home server, but has nothing to do with
> a specific session, but rather with the user of the session.

  To pick nits: the existence of a user is visible only through his
existence in a specific session.  I don't think he CUI would be
applicable to a session where there was no end-user involved, as that
session would (almost by definition) not exist.

  Alan DeKok.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>