
RE: a question about Management Authorization -01 document



Li Chunxiu writes...

> Maybe there is need to define the "local scope" concept in the
> draft-ietf-radext-management-authorization-01.

We could certainly do that.  I'll add that to the issues list.  It works
exactly like the Filter-Id attribute, which also relies on rules of local
scope.  Therefore, it's a well understood RADIUS operational paradigm.  The
rules are provisioned on all the NASes that are likely to need to know and
apply them by some out of band means, such as via a MIB using SNMP, via the
CLI or via FTP.

Note that there is work in RADEXT to define attributes that supplement
Filter-Id by provisioning and defining the rules at the same time.  That is
to say, defining a RADIUS filter rule attribute that actually contains the
rules.  This work leverages work done previously for Diameter. See RFC 4849.

So far, there has been no effort to define similar self-contained management
policy rules.



