
RE: Capabilities (was Re: AW: Review of draft-ietf-geopriv-radius-lo-04.txt )



Avi Lior writes...

> Initially we did exactly that we sent the location information in the
> Access-Request.  But Geopriv being about privacy, was concerned what if
> the user did not want to have their location exposed.

Well, it seems to me that if the user is *really* concerned about
disclosure of private information, then no location information should
be sent until the identity of the Home AAA server has been
authenticated, potentially by an EAP method providing mutual
authentication.

That might mean that location information cannot be sent until the
successful completion of authentication, i.e. after the Access-Accept is
received at the NAS.  Depending on the level of privacy assurance that
GEOPRIV is seeking to obtain, it might be very difficult using the
current AAA architectures.

> And by the way, RADIUS does keep transactional state. 

The RADIUS protocol was designed so that RADIUS servers could be
stateless.  This is achieved by passing the state "cookie" back to the
RADIUS clients in the form of the State and Class attributes. 


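The stateless-server pattern described in the last paragraph of the message above, as an added example that is not part of the original post: the server packs its per-conversation context into the State attribute (type 24 in RFC 2865), the client echoes it back unchanged, and the server recovers the context without storing anything. The payload layout, the HMAC protection, the key, the age limit and all function names are assumptions made for this sketch; RADIUS itself treats the State value as opaque.

```python
import hashlib
import hmac
import struct

STATE = 24       # RFC 2865 attribute type for State
USER_NAME = 1    # RFC 2865 attribute type for User-Name
SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server
TAG_LEN = 16     # assumption: truncated HMAC-SHA256 tag length

def make_state(round_no: int, issued_at: int, user: bytes) -> bytes:
    """Build a State attribute whose value carries the server's own context."""
    payload = struct.pack("!BI", round_no, issued_at)
    tag = hmac.new(SERVER_KEY, payload + user, hashlib.sha256).digest()[:TAG_LEN]
    value = payload + tag
    # Attribute layout: type (1 byte), length (1 byte, covers the header), value.
    return bytes([STATE, 2 + len(value)]) + value

def find_attr(attrs: bytes, wanted: int):
    """Walk type/length/value attributes; return the first matching value."""
    i = 0
    while i + 2 <= len(attrs):
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("malformed attribute")
        if a_type == wanted:
            return attrs[i + 2:i + a_len]
        i += a_len
    return None

def resume(attrs: bytes, user: bytes, now: int, max_age: int = 30):
    """Recover (round_no, issued_at) from an echoed State, or None if rejected."""
    value = find_attr(attrs, STATE)
    if value is None or len(value) != 5 + TAG_LEN:
        return None
    payload, tag = value[:5], value[5:]
    expect = hmac.new(SERVER_KEY, payload + user, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None  # modified in transit, or issued for a different user
    round_no, issued_at = struct.unpack("!BI", payload)
    if not 0 <= now - issued_at <= max_age:
        return None  # stale cookie
    return round_no, issued_at

if __name__ == "__main__":
    # Constructed attribute list: User-Name followed by the echoed State.
    echoed = bytes([USER_NAME, 7]) + b"alice" + make_state(1, 1000, b"alice")
    print(resume(echoed, b"alice", now=1010))
```

Because the tag binds the cookie to the user name and an issue time, the server can reject altered or stale State values while keeping no per-conversation table.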