[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Isms] RE: Follow up on Authorize Only issue



Avi Lior writes...

> But 3576 and WG decided not to go there.

Unless I'm mistaken, RFC 3576 was not the work product of any WG.  It
occurred after the RADIUS WG closed, and prior to the RADEXT WG opening.

> In hindsight, Authorize/Authetnication/Callcheck/etc should have used
an
> attribute specifically for that purpose.

Perhaps.

> The lesson is that we should be learning is not to overload
attributes.

I agree.
 
> I think introducing another Authorize-Only semantic is bad as well. I
> think that saying that Authorize-Only is only a 3576 think flies in
the
> nature of all RADIUS RFCs.

There are potential disadvantages, primarily in terms of how existing
RADIUS servers are implemented, but I don't see this as quite so much of
a problem.

> Finally, in view of the overloading of Service-Type, the use of
> NAS-Port-Type to provide a context for the type of service being
> requested is not ideal but it does work.

IMHO, overloading NAS-Port-Type is as bad as, if not worse than,
overloading Service-Type.  Overloading is overloading.  Overloading is
bad.  ;-)


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>