[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Issue: Attribute restriction
I think it is trying to say is that the Access-Request SHOULD contain at least the NAS and session identification attributes. It shouldn't be implying that no other attributes are permitted.
Can you think of a way to make this more clear?
For example, we could add "The Access-Request MAY also contain other attributes as needed."
________________________________
> Subject: RE: Issue: Attribute restriction
> Date: Mon, 28 May 2007 11:28:40 -0400
> From: avi@bridgewatersystems.com
> To: bernard_aboba@hotmail.com; radiusext@ops.ietf.org
>
> Bernard,
> Dont forget that in RADIUS Location Draft we want to include location information in this message.
> Recall, that if the NAS provided location information in an Access-Request (either because it was configured to do so, or because it received a challenge) then when issueing the Access-Request due to the receipt of COA (Authorize-Only) we want it to also include the location information. Thus this will avoid the AAA server from challenging it again to provide location information.
> How do you want to deal with that? Do we let that Draft specify this or do you want to align the draft.
> ________________________________
> From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
> Sent: Saturday, May 26, 2007 10:27 AM
> To: radiusext@ops.ietf.org
> Subject: Issue: Attribute restriction
> Issue: Attribute Restriction
> Submitter name: Bernard Aboba
> Submitter email address: aboba@internaut.com
> Date first submitted: May 26, 2007
> Reference:
> Document: RFC3576bis-06
> Comment type: Technical
> Priority: S
> Section: 3.2
> Rationale/Explanation of issue:
> Section 3.2 contains the following sentence:
> This Access-Request SHOULD contain the NAS
> identification attributes from the CoA-Request, as well as the
> session identification attributes from the CoA-Request legal for
> inclusion in an Access-Request as specified in [RFC2865], [RFC2868],
> [RFC2869] and [RFC3162].
> This sentence appears to imply that only session identification attributes
> from [RFC2865], [RFC2868], [RFC2869] and [RFC3162] can be included in the
> Access-Request. In fact, RFC 3576bis adds Chargeable-User-Identity to the
> list of session identification attributes; this is defined in a document
> that is not listed.
> The proposed resolution is to change this sentence to:
> This Access-Request SHOULD contain the NAS
> identification attributes from the CoA-Request, as well as the
> session identification attributes from the CoA-Request legal for
> inclusion in an Access-Request.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>