Hi,
Yes. Because the CUI is supposed to be an opaque user identifier. The User-Name is a non-opaque user identifier.
So... handing out User-Name means that you've just told everyone who the user is. Which means the secrecy added by CUI is pointless.
its not about 'handing out' the User-Name...the current stuff now strips the User-Name from the outerID - thats the outerID that has already been seen by the visited site or anyone along the proxy path - i would never proscribe putting the innerID into the outerID...the server never did that unless you told it to - but suddenly removing the User-Name from the outerID means that many RADIUS servers no longer have a key element that they use for local RADIUS accounting - anonymousID is one thin...but totally blank with no idea of realm etc is quite another. these sites dont support CUI , know about it or care :( alan