
RE: Capabilities (was Re: AW: Review of draft-ietf-geopriv-radius-lo-04.txt )



Avi Lior writes...

> The RADIUS server may REQUIRE location in order to evaluate an
> authentication/authorization policy.  That policy could state that if
> location is not provided then allow the user on with certain
> constraints.

OK.  I can understand that.

In the case of location information, what is the problem with the NAS
always providing any location information that it has to the RADIUS
server?
 
If the issue is that the User wants the NAS to only disclose location to
RADIUS servers that he trusts, I think there is a lot of heavy lifting
to do.  User to RADIUS Server trust is not established until the
successful completion of authentication.  In proxy environments there
may be several non-trusted RADIUS Servers in the proxy chain.  The User
can only establish a trust relationship with the Home RADIUS Server.

If the User's level of trust is not the issue, then what is?


--
archive: <http://psg.com/lists/radiusext/>