
RE: Follow up on Authorize Only issue (was RE: [Isms] ISMS session summary)



Hi

> > 
> > For the SSHSM usage case, the question is whether it is an 
> > unacceptable security risk for a trusted NAS to be able to obtain 
> > authorization information about a user that is not actually 
> > "present" at the NAS?
> 
> This probably needs more thought and discussion.
> 
I am having trouble understanding "..user that is not actually present".

Why are we sending authorization attributes to a NAS where the user is
not actually present?

I have seen scenarios where we push authorization attributes to a NAS
and hence that creates a session for a user, using CoA for example.

> 
> /js
> 
> -- 
> Juergen Schoenwaelder		    International University Bremen
> <http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 
> 28725 Bremen, Germany
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 
