Alejandro Perez Mendez wrote:
> We also thought that a new flag "T" could indicate the attribute is
> truncated across several packets.

That sounds good.

> Precisely we were about to modify our document to reflect this, if the
> idea was reasonable. That was the intention of sending it first to the
> list, to see if there were objections before starting writing a new draft.

My notes about this are:

- the first Access-Accept must contain Service-Type = Authorize-Only
  *or* a new Service-Type = Additional-Authorization

  This means that the user is not given network access when the
  implementation does not support the new method.

- the first Access-Accept must contain a State attribute

  this is already required for use of Authorize-Only

- additional authorization attributes are received via a series
  of Access-Request / Access-Challenge

- each Access-Request MUST contain Service-Type = Authorize-Only
  and a State

- the State MUST change for each Access-Challenge response

  I can get into that later

- the final Access-Accept contains the real Service-Type
  for the user

Alan DeKok.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
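
The exchange described in the notes above, written as a trace checker. This is an added example, not part of the original message or of any draft. Messages are modelled as plain dicts rather than parsed RADIUS packets; check_exchange, the sample traces and the rule that each Access-Request echoes the most recent State are assumptions made for illustration.

```python
AUTHZ_ONLY = "Authorize-Only"
ADDITIONAL = "Additional-Authorization"  # value proposed in the notes, not an assigned one

def check_exchange(trace):
    """Return the rule violations found in a list of dict messages."""
    if len(trace) < 2 or trace[0].get("code") != "Access-Accept":
        return ["trace must start with the first Access-Accept and continue"]
    errors = []
    first = trace[0]
    if first.get("Service-Type") not in (AUTHZ_ONLY, ADDITIONAL):
        errors.append("0: first Access-Accept lacks Authorize-Only / Additional-Authorization")
    if not first.get("State"):
        errors.append("0: first Access-Accept lacks State")
    last_state = first.get("State")
    for i, msg in enumerate(trace[1:], start=1):
        code, state = msg.get("code"), msg.get("State")
        if code == "Access-Request":
            if msg.get("Service-Type") != AUTHZ_ONLY:
                errors.append(f"{i}: Access-Request lacks Service-Type = Authorize-Only")
            # Assumption: the request echoes the most recent State it received.
            if not state or state != last_state:
                errors.append(f"{i}: Access-Request lacks the current State")
        elif code == "Access-Challenge":
            if not state or state == last_state:
                errors.append(f"{i}: Access-Challenge did not change State")
            last_state = state
        elif code == "Access-Accept":
            if msg.get("Service-Type") in (None, AUTHZ_ONLY, ADDITIONAL):
                errors.append(f"{i}: final Access-Accept lacks the real Service-Type")
            if i != len(trace) - 1:
                errors.append(f"{i}: messages follow the final Access-Accept")
        else:
            errors.append(f"{i}: unexpected message {code!r}")
    if trace[-1].get("code") != "Access-Accept":
        errors.append("exchange never reached a final Access-Accept")
    return errors

# Constructed sample traces (attribute values are made up for illustration).
GOOD = [
    {"code": "Access-Accept", "Service-Type": AUTHZ_ONLY, "State": "s0"},
    {"code": "Access-Request", "Service-Type": AUTHZ_ONLY, "State": "s0"},
    {"code": "Access-Challenge", "State": "s1"},
    {"code": "Access-Request", "Service-Type": AUTHZ_ONLY, "State": "s1"},
    {"code": "Access-Accept", "Service-Type": "Framed-User"},
]
# Same trace, but the Access-Challenge reuses State "s0" instead of changing it.
BAD = [dict(m) for m in GOOD]
BAD[2]["State"] = BAD[3]["State"] = "s0"
print(check_exchange(GOOD), check_exchange(BAD))
```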