I don't think we want to be specifying the "real" transport layer, e.g.
TCP, UDP, SCTP, etc. What we need to specify there is the "secure
transport" (which doesn't exactly fit into the classical ISO 7-layer
model), e.g. SSH, TLS, etc.
What I'm proposing for the -01 version is:
1 Default
2 SSH
3 TLS
4 DTLS
5 BEEP
6 SOAP
What does it mean if multiple Management-Policy-Id attributes are
included? How are the policies merged? If this is
implementation-specific, isn't the result undefined?
Proposed text for the -01 version:
</t>
No precedence relationship is defined for multiple occurrences of the
Management-Policy-Id attribute. NAS behavior in such cases is not
predictable. Therefore, two or more occurrences of this attribute SHOULD
NOT be included in a single service provisioning message, such as
Access-Accept or CoA.
<t>
</t>
The content of the Management-Policy-Id attribute is expected to be the
name of a management access policy of local significance to the NAS,
within a flat namespace of significance to the NAS. Overloading or
subdividing this flat name with multi-part specifiers (e.g.
Access=remote, Level=7) is likely to lead to poor multi-vendor
interoperability and SHOULD NOT be utilized. If a simple flat policy
name is not sufficient to the anticipated use case, it is RECOMMENDED
that a Vendor Specific Attribute be used instead, rather than
overloading the semantics of Management-Policy-Id.
</t>
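
An added example, not part of the original message or the draft: a Python lint that a RADIUS server operator could run over outgoing Access-Accept or CoA packets to flag the two SHOULD NOT cases in the proposed text. The attribute type 135 is the value later assigned in RFC 5607 (an assumption here, since the draft discussed had no number yet); the separator heuristic and the `build_packet` helper are hypothetical.

```python
import struct

# Assumption: 135 is the type later assigned to Management-Policy-Id (RFC 5607).
MANAGEMENT_POLICY_ID = 135
# Heuristic (assumption): separators that suggest a multi-part specifier
# such as "Access=remote, Level=7" instead of a flat policy name.
STRUCTURE_CHARS = set("=,;: ")

def parse_attributes(packet: bytes):
    """Yield (type, value) for each attribute TLV in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def lint_policy_ids(packet: bytes):
    """Return (rule, detail) findings for the two SHOULD NOT cases."""
    names = [v.decode("utf-8", "replace")
             for t, v in parse_attributes(packet) if t == MANAGEMENT_POLICY_ID]
    findings = []
    if len(names) > 1:
        findings.append(("multiple-occurrences", names))
    for name in names:
        if STRUCTURE_CHARS & set(name):
            findings.append(("multi-part-name", name))
    return findings

def build_packet(code, attrs):
    """Constructed sample input: zeroed authenticator followed by TLVs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    samples = {
        "flat name": build_packet(2, [(135, b"netadmin-ro")]),
        "two policies": build_packet(2, [(135, b"ops"), (135, b"audit")]),
        "overloaded": build_packet(43, [(135, b"Access=remote, Level=7")]),
    }
    for label, pkt in samples.items():
        print(label, "->", lint_policy_ids(pkt) or "ok")
```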