Re: Is provisioning services in Accounting-Request packets bad?

[Alan DeKok <aland@deployingradius.com>]

Avi Lior wrote:
> On one hand we may need more information as David is mentioning.
> 
> But there is nothing wrong with a Back office system using information contained in an accounting message.

  Absolutely.

> A back office system can be used for billing but it can also be used to do other things like generate triggers for Intrussion Detection/Prevention systems, Firewalls etc etc....
> 
> And thus some of the information could be used for provisioning of some service by a back office system.
> 
> We should not be concerned about this.  It has nothing to do with the over the wire protocol.  As long as the information is valid to be sent in the Accounting Messages we should be fine.

  My main issue is that accounting packets should be generated by the
system managing the user session. i.e. the NAS.  Anything else in the
network (e.g. RADIUS proxy) has no business "inventing" accounting
packets for a session.

  That strikes me as an odd way of creating a vendor-specific
provisioning API.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>