[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [RADIUS FIXES] Authorize Only
See Inline.
> -----Original Message-----
> From: aland@nitros9.org [mailto:aland@nitros9.org] On Behalf
> Of Alan DeKok
> Sent: Tuesday, July 26, 2005 2:13 PM
> To: Nelson, David
> Cc: Avi Lior; Bernard Aboba; radiusext@ops.ietf.org
> Subject: Re: [RADIUS FIXES] Authorize Only
>
>
> "Nelson, David" <dnelson@enterasys.com> wrote:
> > Yes, but are multiple services within a single session
> currently well
> > defined in RADIUS RFCs? We had quite a dialogue about the issue of
> > multiple services on the RADEXT list about a year ago. I
> don't recall
> > whether any consensus emerged out of that discussion.
>
> My $0.02 is Issue #68, which became section 2.6.2 of the
> issues & fixes document. There was at least one post to
> issue 68 indicating agreement, but no more discussion.
>
> In summary, where services can be offered independently,
> they should be AAA'd independently. The NAS *may* offer
> information indicating that they are related, but this often
> isn't done today.
See that is not the trend - at least in wireless. It may be okay for
enterprises. In wireless you don't want to authenticate the subscriber
for each service. It takes too long. Operators are looking for mobile
nodes to come up quickly. Therefore the opposite is true.
In fact in many cases we pre-authorize services that the user is likely
to use in order to get the upper hand on time.
> Alan DeKok.
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>