
Re: Radius-Geopriv: When to send location info?



> [hannes] to me it seems reasonable not to include location information with
> every request. a visited network which knows that it has to send location
> information to a particular home network might do so. i also think that it
> would be good to have an error attribute to indicate that it was not
> possible to authorize the user properly based on the missing location
> information.
>
> we have added the usage of the error-cause attribute. within the iana
> section we need to register a new type:

I am confused by the model that is described here.  I could understand why
the NAS might not send the NAS location with every Access-Request.  But
user location is another matter.  If the NAS is set up to send user
location data, why would it not send it on each request?

My reading of RFC 2865 is that service provisioning attributes (including
VSAs) are forbidden in a RADIUS Access-Reject.  However, information on
why the request failed is ok (e.g. Reply-Message, EAP-Message/EAP-Failure,
etc.).  So I think that Error-Cause can be included.

However, Error-Cause will not solve the problem that is described.  If the
NAS is not sending User location on every Access-Request and the server
requires this, then every Access-Request that is sent without the user
location will be denied.

I'd suggest that language be included in the document to say that "by
default, a NAS that is set up to provide user location information to the
RADIUS server MUST provide this information in every Access-Request."

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>