Normalising the User-Name AVP in an Access-Accept
Phil Mayers
p.mayers at imperial.ac.uk
Thu Apr 18 17:54:18 CEST 2013
On 18/04/13 16:29, Nick Lowe wrote:
> I would have thought that it is perfectly reasonable to return the
> identity back in the case you have roaming federations as long as it
> was an agreed requirement beforehand.
Maybe, maybe not.
If the home site were in a jurisdiction with data protection legislation
(most of Europe) and User-Name were "personal data" (particularly
email-formatted usernames) then I think this would be problematic at
best - particularly if the visited site were in a jurisdiction *without*
DP legislation (e.g. EU person roaming to the USA).
> I am of the opinion that this -should- be mandated as part of Eduroam,
> for example.
Shrug. I disagree.
I honestly don't see what the problem is with writing it yourself - it's
not rocket science - but OTOH a set of examples in the default config
would be a good thing too.
More information about the Freeradius-Users
mailing list