Re: AW: AW: Review of draft-ietf-geopriv-radius-lo-04.txt

[Bernard Aboba <aboba@internaut.com>]

> if we talk about location-based authorization and if this authorization
> step is mandatory then the radius server will ask the nas to provide
> location information and if he cannot provide it then an access reject
> must be sent. 

Right. 

> if the home network operator just wants to print location information to
> the bill (something like 'wlan hotspot at abc in munich') then the
> radius server might not want to send an access reject if the nas cannot
> provide it. maybe the best way to address this aspect is not to request
> location information with the access-challenge but later when accounting
> messages are exchanged. 

If the RADIUS server needs location info for authorization then it needs 
to send an Access-Challenge expressing that need.  If does not require 
location information in the Access-Request but would like it in the 
Accounting packets if available, it can include a "send location" 
attribute in an Access-Accept. 

Summary:

a. RADIUS Server REQUIRES location in Access-Request or 
Accounting-Request:  server sends an Access-Challenge with an attribute 
that expresses what is required. 

b. RADIUS server would like location information in the Accounting-Request 
but does not require it:  RADIUS server sends an Access-Accept with an 
attribute that expresses what is desired. 

c. RADIUS server REQUIRES location in Access-Request, but has not received 
it after sending an Access-Challenge:  RADIUS server 
sends an Access-Reject with an Error-Cause attribute with value "Missing 
Location Information"

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>