[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Technical Errata Reported] RFC5176 (2012)
Hmmmm
"provisioning a service" is authorization no?
I authenticate you then authorize you for a service by sending you authorization attribute that define what service or services you will receive.
I dont see a difference ... so i cant agree with:
> After all, RADIUS is not about answering authorization questions from NASes,
> it's about identifying users and *telling* them what service they get, based
> on their identity, and contextual hints from the NAS.
identifying users is authentication and telling them what service they get is authorization. Am I missing something?
Anyway it may not be important that the language we are using is aligned.
On 26-01-2010, at 21:51 , Dave Nelson wrote:
>> There are just too many unknowns around NAS behavior to over-load
>> Access-Accept.
>
> I don't think anyone has suggested over-loading Access-Accept. If use as
> originally intended, to provision service, it works just fine, at least if
> the service is described in the Service-Type attribute.
>
> After all, RADIUS is not about answering authorization questions from NASes,
> it's about identifying users and *telling* them what service they get, based
> on their identity, and contextual hints from the NAS.
>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>