Alper Yegin wrote: > Now, if someone tells me the NAS can set the lifetime value to anything > irrespective of the lifetime received from the AAA, then I say he's using a > centralized AA (authentication and accounting) server with distributed A > (Authorization). An interesting case, not typical but doable. Someone may > have a very special reason to do that.
NASes have always had "creative" interpretations of authorization policies coming from an AAA servers. So this behavior is well within the traditional AAA. > Regarding the application state that is created within the authorized > application session, yes I understand and agree that it may survive beyond > the authorized session. But that's very application specific. We need to > discuss that in the scope of specific applications. I agree. I would phrase the difference as being either the ability to *do* something, or the ability to *have* something. Items like "session timeout" control the ability to have a session. Once the session is over, the ability goes away. Other items could be allowed to continue, even after the session has been finished. Alan DeKok. _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
