Thanks a lot for the analysis. That is pretty much what I prayed for months/years ago before this group was formed.
You have enforcement nodes. Their sole function is to stop or limit whatever traffic the network owner does not like (abusive users, rogue iot gadgets, slacking students, ddos attacks, whatever). They can potentially process huge levels of traffic. Their location in the network topology varies depending on what the network owner wants to achieve. They don't have any fancy UI because they can address all kinds of traffic. And you have autorisation nodes. They allow network clients to request being treated some other way by enforcing. They can have fancy human- oriented UIs, or robot-oriented enrolment portals. They communicate with enforcing out of band (client does not see this part). If the network operator is nice, he makes sures they can be reached without enforcing interference :). The only message needed by network clients is indication of the location of the corresponding authorization node when some enforcing node drops or limits parts of their communication attempts. (and the network client can choose to talk to the authorization node, stop communicating, or switch to another traffic form that does not trigger enforcing) Regards, -- Nicolas Mailhot _______________________________________________ Captive-portals mailing list [email protected] https://www.ietf.org/mailman/listinfo/captive-portals
