RE: [RADIUS FIXES] Authorize Only

["Nelson, David" <dnelson@enterasys.com>]

I think it's important for all IETF RADIUS documents to define the
semantics and usage rules of its protocol elements, in this instance the
values taken on by Attributes, in a complete and unambiguous fashion.
That is absolutely required to achieve multi-vendor interoperability,
using only the documents themselves as source material.  Leaving the
usage and semantics of protocol elements loosely defined, so as to
enable future product feature innovation, using RADIUS, is a good thing
for developers and product introduction schedules.  It is generally a
bad thing for standardization and interoperability.  Since the only
reason to expend the collective efforts of an IETF WG is to publish
clear, well-defined and highly interoperable protocol standards (or
informational status protocols), it seems that the interests of
interoperability should take precedence over the interests of expedient
product development.

I also understand that lots of things are defined as "RADIUS" outside of
the IETF.  Some are good and useful and some (IMHO) bend the protocol to
the point of being unrecognizable.  I would not like to use some of the
more "liberal" reinterpretations of RADIUS that have occurred outside of
the IETF over the years as the basis for RADEXT WG work.

If we can come to a reasonable consensus on the semantics and usage
rules for Authorize-Only, citing specific applications, and not violate
any normative requirements of the base RADIUS documents, that would be a
good thing.  I think, however, we should be careful to avoid defining
Authorize-Only, or any other attribute besides a VSA, as a general
"catch-all" for yet unspecified feature innovation.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>