[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scope of applicability for CUI

To: Alan DeKok <aland@ox.org>
Subject: Re: Scope of applicability for CUI
From: Barney Wolff <barney@databus.com>
Date: Thu, 23 Dec 2004 15:13:32 -0500
Cc: radiusext@ops.ietf.org
In-reply-to: <20041223192823.F142C16CC3@mail.nitros9.org>
References: <20041223163411.GA67928@pit.databus.com> <20041223192823.F142C16CC3@mail.nitros9.org>
User-agent: Mutt/1.5.6i

On Thu, Dec 23, 2004 at 02:28:22PM -0500, Alan DeKok wrote:
> Barney Wolff <barney@databus.com> wrote:
> > I beg to differ.  Class is simply an octet string sent, via a meandering
> > route,
> 
>   I'm not sure what you mean by "a meandering route".  The
> participants in the RADIUS conversation are well-known, and named.  We
> should use those names to avoid miscommunication.

Sorry for a failed attempt at humor.  I meant simply that Class is not
sent directly from the auth server to the acct server, but is relayed
through some number of proxies and the NAS.

> > from the sender of an Access-Accept to the receiver of an
> > Accounting-Request.  Any interpretation of the octets is strictly up
> > to those two parties, and no other characterization of Class can be made.
> 
>    I agree.  But for those two parties, the Class attribute
> establishes some kind of "opaque token" which they have associated
> with the session.  Semantically, this token is their determination of
> the "identity" of the session, where they determine what that identity
> means.

Class might well not be unique to session or even user.  My point, which
I've already belabored overmuch, was just to emphasize its opacity.

> > CUI is indeed assigned by the home server, but has nothing to do with
> > a specific session, but rather with the user of the session.
> 
>   To pick nits: the existence of a user is visible only through his
> existence in a specific session.  I don't think he CUI would be
> applicable to a session where there was no end-user involved, as that
> session would (almost by definition) not exist.

Again, by the business case(s) presented, CUI must have some cross-session
stability or it does no good.  That's all I was trying to say.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Re: Scope of applicability for CUI
  - From: Barney Wolff <barney@databus.com>
- Re: Scope of applicability for CUI
  - From: "Alan DeKok" <aland@ox.org>

Prev by Date: Season's Greetings.
Next by Date: Re: Scope of applicability for CUI
Previous by thread: Re: Scope of applicability for CUI
Next by thread: RE: Scope of applicability for CUI
Index(es):
- Date
- Thread