[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Proposal: Capabilities Attribute
I hope every proposer of a complex attribute is prepared to design,
code, debug and support the logic necessary to react to all possible
values, in client, proxy, protocol gateway and server. Otherwise, it
becomes what in US politics is called an "unfunded mandate".
IMHO, anything beyond a single bit per attribute number is overkill.
But if we want to expend 2 bits, I'd opt for 1 bit meaning "I accept
this attribute" and the other meaning "I require this attribute in
an Access-Accept and if missing will treat it as a -Reject". I would
also exclude any VSA-related functions from standard capabilities
indication.
For every perceived problem, there is a solution. But one has to ask
whether the cost of the solution is really less than the cost of
leaving the problem unsolved.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>