[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RFC3576bis and Session State

To: Alan DeKok <aland@nitros9.org>
Subject: RE: RFC3576bis and Session State
From: Bernard Aboba <bernard_aboba@hotmail.com>
Date: Sun, 27 May 2007 13:09:58 -0700
Cc: <radiusext@ops.ietf.org>

How is this?

"A NAS implementing this specification SHOULD send an Acct-Session-Id
or Acct-Multi-Session-Id Attribute within an Access-Request.
Where an Acct-Session-Id or Acct-Multi-Session-Id Attribute is not
included within an Access-Request, the Dynamic Authorizatoin Client will not know the Acct-Session-Id
or Acct-Multi-Session-Id of the session it is attempting to target,
unless it also has access to the accounting data for that session.

Where an Acct-Session-Id or Acct-Multi-Session-Id Attribute is not
present in a CoA-Request or Disconnect-Request, it is possible that the
the User-Name or Chargeable-User-Identity attributes will not be
sufficient to uniquely identify the session (e.g. if the same
user has multiple sessions on the NAS, or if the privacy NAI is used).
In this case, session identification MAY be performed by using one or more of
the Called-Station-Id, Calling-Station-Id, NAS-Port and
NAS-Port-Id attributes."

> Date: Sun, 27 May 2007 13:52:46 +0100
> From: aland@nitros9.org
> To: bernard_aboba@hotmail.com
> CC: radiusext@ops.ietf.org
> Subject: Re: RFC3576bis and Session State
>
> Bernard Aboba wrote:
> ...
> > To something like this:
> >
> > "A NAS implementing this specification SHOULD send an Acct-Session-Id or
> > Acct-Multi-Session-Id Attribute within an Access-Request. However,
> > where the Acct-Session-Id or Acct-Multi-Session-Id is not included
> > within an Access-Request,
>
> the Dynamic Authorization Client will not know the Acct-Session-Id or
> Acct-Multi-Session-Id of the session it is attempting to target, unless
> it also has access to the accounting data for that session.
>
> > Where an Acct-Session-Id or Acct-Multi-Session-Id Attribute is not
> > present in a CoA-Request or Disconnect-Request,
>
> the User-Name or Chargeable-User-Identity attributes may be
> sufficient to uniquely identify the session. However, if the same user
> has multiple sessions on the NAS, or if the privacy NAI is used, that
> information may be insufficient to uniquely identify a session. Session
> identification MAY be performed by using one or more of the
> Called-Station-Id, Calling-Station-Id, NAS-Port and
> NAS-Port-Id attributes.
>
> ? The question now becomes how does the client determine which
> attributes to send if there's no session ID attribute? Maybe recommend:
> CUI or else User-Name (unless it's anonymous) or Calling-Station-Id, etc.
>
> > I can add a sentence to Section saying "A NAS implementing this
> > specification SHOULD send
> > an Acct-Session-Id or Acct-Multi-Session-Id Attribute within an
> > Access-Request."
>
> Yes. Also note that doing so makes the CoA network much simpler and
> more robust. I would prefer it to be a MUST, but that's probably too
> strong. Maybe a strong recommendation in addition to SHOULD.
>
> Alan DeKok.

Follow-Ups:
- Re: RFC3576bis and Session State
  - From: Alan DeKok <aland@nitros9.org>
- RE: RFC3576bis and Session State
  - From: "Avi Lior" <avi@bridgewatersystems.com>

Prev by Date: RE: Issue: RPF Check
Next by Date: RE: Link to strawman RFC 3576bis -07 document
Previous by thread: RE: RFC3576bis and Session State
Next by thread: RE: RFC3576bis and Session State
Index(es):
- Date
- Thread