[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Chargeable-User-Identity



Glen Zorn writes:
> The encoding of the attributes in 5580 isn't really so unusual: similar
> encodings have been around for years (see the CHAP-Password (RFC 3588) & the
> tunnel attributes (RFC 2868)).  
>   
The expected use of the Operator-Name attribute is, obviously, to carry
a unique operator identifier, be it a registered domain name or some
officially assigned id. For some applications, a global identifier is
not required or perhaps even harmful. I do not feel too happy about
eduroam Access-Request packets possibly carrying a user certificate with
his real name, or an unhidden e-mail address, accompanied by the domain
name of the visited network. It's true, that home institutions should
take care that users do not display their true identity and one could
say, why should we be worried if they do not do that, but still, we
(eduroam) do not need this open identifier of the institution. In fact,
the visited network could produce a different identifier for every realm
it needs to contact.

So now a suggestion. Would it be acceptable to register a namespace ID
for "private" usage, Something like the private IP address classes.
Operator-Name value tagged this way, would then be known to contain
stuff, that is not guaranteed to be universally unique and does not
adhere to any universal syntax (except being ASCII text).

Regards
Tomasz Wolniewicz

-- 
Tomasz Wolniewicz    
          twoln@umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>