RE: Guidelines Document Discussion
Hi,
Please see inline....
-----Original Message-----
From: Bernard Aboba [mailto:bernard_aboba@hotmail.com]
Sent: Wednesday, April 11, 2007 11:39 AM
To: aland@nitros9.org; Avi Lior
Cc: radiusext@ops.ietf.org
Subject: Re: Guidelines Document Discussion
> If the name space is SDO-specific. "SDO-Attribute-Foo". I don't
>see why the IETF would not honor such name spaces.
[Avi] The name space for a VSA is defined -- it is the SDO's (or vendor's
namespace). I don't know what else you would do.
>
> Having SDOs define attributes *without* a specific name-space leads
>to problems. Common terms are... common. Is "DNS-Server" a good
>attribute name for multiple SDO's to define? Probably not.
This makes sense to me; it probably should be part of design guidelines.
[Avi] The reality is that one SDO may define DNS-Server because it does
not know that another attribute by that name is already defined. There
is no global repository for looking up what other SDOs have done.
>Interoperability where we don't have to write or maintain a RADIUS
>server implementation for every SDO. VSA's and name spaces are useful
>here, because they mean that one RADIUS server deployment can
>interoperate with multiple SDO's simultaneously.
Right. That is a good goal, I think. There is no good reason why one
SDO shouldn't be able to reuse VSAs from another SDO,
[Avi] There is apprehension and that relates to change control. If I
use an attribute x from VendorA, then I need assurances that if that
attribute is going to change, I would be consulted or be notified
when such a change occurs.
[Avi] A great example of a widely used VSA is the Microsoft
MS-MPPE-SEND-KEY etc. because it was published as an RFC. How many
other SDOs publish their attributes as RFCs?
or why configuring a RADIUS server to send a VSA should be any more
complex than configuring the same server to send an attribute from the
Standards space. We need to make it easier to incorporate VSAs into
standard RADIUS implementations.
[Avi] Given the IETF is a common denominator across SDOs, a way forward
perhaps is to encourage SDOs to publish their dictionaries as
INFORMATIONAL RFCs. And perhaps to register their Dictionaries in IANA.