Normalising the User-Name AVP in an Access-Accept

Phil Mayers p.mayers at
Thu Apr 18 17:54:18 CEST 2013

On 18/04/13 16:29, Nick Lowe wrote:
> I would have thought that it is perfectly reasonable to return the
> identity back in the case you have roaming federations as long as it
> was an agreed requirement beforehand.

Maybe, maybe not.

If the home site were in a jurisdiction with data protection legislation 
(most of Europe) and User-Name were "personal data" (particularly 
email-formatted usernames) then I think this would be problematic at 
best - particularly if the visited site were in a jurisdiction *without* 
DP legislation (e.g. EU person roaming to the USA).

> I am of the opinion that this -should- be mandated as part of Eduroam,
> for example.

Shrug. I disagree.

I honestly don't see what the problem is with writing it yourself - it's 
not rocket science - but OTOH a set of examples in the default config 
would be a good thing too.

More information about the Freeradius-Users mailing list