[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: no overall type in Extended Attributes
Glen Zorn wrote:
> Hmm. I seem to be having some serious problems communicating today,
> or...anyway, I used the word "group" or its plural 3 times in one sentence.
> How do you get the idea that tags aren't used for grouping?
I think they *are* used for grouping. You said you wanted to name a
group of TLV's. I think you can't name the *group*, but you can say
"all of the attributes with tag 1". That both defines, and names, the
group.
The RFC 2868 naming for tagged attributes is commonly
Attribute-Name:Tag, or "Attribute-Name = Tag:value". That method could
be used for tagged extended attributes.
> OK, how would you specify this behavior in a document so that humans could
> actually understand it?
Multiple attributes can be packed into one Extended-Attribute, so long
as the M bit is zero. Attributes having different tags MUST be packet
into different Extended-Attributes.
i.e. if we use a short-cut terminology E(T,foo) meaning "Extended
Attribute with tag T, and contents foo, we have:
E(1, Foo = 1 | Bar = hello)
E(1, Foo = 1), E(1, Bar = hello)
Both meaning "attribute Foo with value 1, tag 1 ALONG WITH attribute
Bar with value hello, tag 1).
In practice, these attributes would be referred to as:
Foo:1 = 1
Bar:1 = hello
or
Foo = 1:1
Bar = 1:hello
Existing RADIUS attribute parsers handle both formats above. The only
change is an extra piece of information for the attributes saying "pack
these as extended attributes". But that's an issue for the dictionaries
and the packet encoding/decoding functions. It's *shouldn't* affect the
parsing of the textual form of the attributes in server policies.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>