RE: I-D ACTION:draft-ietf-radext-chargeable-user-id-04.txt
This version includes a resolution for the issue below submitted by David
Nelson -- not shown in the RADEXT issues list yet. Issue 66 (in the
RADEXT issues list) was addressed in version -03; we need to close it.
Thanks,
Farid
-----
Issue with CUI-03 in the definition of CUI content.
Submitter name: David B. Nelson
Submitter email address: dnelson@enterasys.com
Date first submitted: 08 March 2005
Reference:
Document: CUI-03
Comment type: T
Priority: S
Section: 1.0, 2.2
Rationale/Explanation of issue: (see below)
Requested change:
In Section 1 Introduction:
"While this
mechanism is good practice in some circumstances, there are problems
if local and intermediate networks require a user identity."
No entity other than the home AAA can derive a true user identity from
the CUI, so I would recommend that "require a user identity" (above) be
changed to "require an authenticated surrogate identity to bind the
current session".
In Section 2.2 CUI Attribute:
"String:
The string identifies the CUI of the end-user and is of type
UTF8String. This string value is a reference to a particular
user. The format and the interpretation of the string value, and
the binding lifetime of the reference to the user is determined
based on business agreements. For example, the lifetime can be
set to one billing period. In cases where the attribute is used
to indicate the NAS support for the CUI, the string value contains
a nul character."
In discussions on the WG mailing list or in other e-mail threads on this
draft, I believe we had reached agreement that the content of the CUI
attribute would be described as an "opaque token", or as an
authenticated surrogate identity, but that only the Home AAA server was
in a position to make any other semantic interpretation of the CUI
content and that all other entities, e.g. proxy servers or NASes, should
treat the CUI as a "cookie", performing a binary-equality-test operation
on two CUI instances, but making no other interpretation of the CUI
content. That restriction didn't make it into the -03 draft.
I would recommend that "The format and the interpretation of the string
value, and the binding lifetime of the reference to the user is
determined based on business agreements." (above) be changed to "The
format and content of the string value is determined by the Home RADIUS
server. The binding lifetime of the reference to the user is determined
based on business agreements. RADIUS entities other than the Home
RADIUS server MUST treat the CUI content as an opaque token, and SHOULD
NOT perform operations on its content other than a binary equality
comparison test, between two instances of CUI."
--------
> -----Original Message-----
> From: i-d-announce-bounces@ietf.org
> [mailto:i-d-announce-bounces@ietf.org] On Behalf Of
> Internet-Drafts@ietf.org
> Sent: Monday, March 28, 2005 8:08 AM
> To: i-d-announce@ietf.org
> Cc: radiusext@ops.ietf.org
> Subject: I-D ACTION:draft-ietf-radext-chargeable-user-id-04.txt
>
>
> A New Internet-Draft is available from the on-line
> Internet-Drafts directories.
> This draft is a work item of the RADIUS EXTensions Working
> Group of the IETF.
>
> Title : Chargeable User Identity
> Author(s) : F. Adrangi, et al.
> Filename : draft-ietf-radext-chargeable-user-id-04.txt
> Pages : 10
> Date : 2005-3-25
>
> This document describes a new RADIUS attribute,
> Chargeable-User-Identity. This attribute can be used by a home
> network to identify a user for the purpose of roaming transactions
> that occur outside of the home network.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-radext-chargeable-user-id-04.txt
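The handling that the proposed Section 2.2 text asks of proxies and NASes, as an added example that is not part of the original message or the draft: the CUI value is kept as raw bytes and only compared for binary equality, and the nul-character support indicator is recognized separately. Type code 89 is the value later assigned to Chargeable-User-Identity in RFC 4372; the function names, attribute bytes and token values are constructed for illustration.

```python
import unicodedata

CUI_TYPE = 89  # Chargeable-User-Identity type code later assigned in RFC 4372

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([atype, len(value) + 2]) + value

def iter_attributes(data: bytes):
    """Yield (type, value) pairs from a run of RADIUS attribute TLVs."""
    i = 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[i + 2:i + alen]
        i += alen

def get_cui(attrs: bytes):
    """Return the CUI value as raw bytes (never decoded), or None if absent."""
    for atype, value in iter_attributes(attrs):
        if atype == CUI_TYPE:
            return value
    return None

def is_support_indicator(cui: bytes) -> bool:
    """A single nul character signals NAS support for CUI, not a token."""
    return cui == b"\x00"

def same_cui(a: bytes, b: bytes) -> bool:
    """The only operation an intermediary performs: binary equality."""
    return a == b

def interpreted_equal(a: bytes, b: bytes) -> bool:
    """What NOT to do outside the home server: decode and normalize."""
    norm = lambda v: unicodedata.normalize("NFC", v.decode("utf-8"))
    return norm(a) == norm(b)

# Constructed sample data: the tokens render identically but differ in bytes.
CUI_A = "caf\u00e9-7731".encode("utf-8")    # precomposed e-acute
CUI_B = "cafe\u0301-7731".encode("utf-8")   # e + combining acute accent
REQUEST = attr(1, b"anonymous@example.org") + attr(CUI_TYPE, b"\x00")
ACCEPT_A = attr(CUI_TYPE, CUI_A)
ACCEPT_B = attr(CUI_TYPE, CUI_B)
```

An intermediary that normalized the two constructed tokens would bind two distinct references to one session; the byte comparison keeps them apart.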