1 / 9

Chargeable-User-Identity

Chargeable-User-Identity. Scott Armitage. Introduction. Scott Armitage Loughborough University e duroam UK Support. What is CUI?. Chargeable-User-Identity (CUI) RFC4372 Unique Identifier for an eduroam user Same across different devices Unique per visited site. Why is CUI useful?.

lacey
Télécharger la présentation

Chargeable-User-Identity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chargeable-User-Identity Scott Armitage

  2. Introduction • Scott Armitage • Loughborough University • eduroam UK Support

  3. What is CUI? • Chargeable-User-Identity (CUI) • RFC4372 • Unique Identifier for an eduroam user • Same across different devices • Unique per visited site

  4. Why is CUI useful? • How many visitors do you have? • How do you block a single user? • Sites only have outer identity and calling station id • User can change both of these

  5. eduroam Policy • eduroam UK Policy • Sites should respond with CUI if requested • Recommend sites should request CUI • If CUI is received it must be logged • eduroam Service Policy • Recommended sites return a CUI if requested • Request must contain Operator Name • Only home site should be able to reverse CUI

  6. How do I request a CUI? • Visitor at your site • Request CUI by sending nul CUI ‘\\000’ in all request packets • Must send Operator-Name

  7. How do I generate a CUI? • Received nul CUI attribute in Access-Request • Ignore if Operator-Name is missing • Md5 hash • Operator-Name • User-Name • Salt • Record CUI • Reply with CUI value in all RADIUS packets

  8. Received a CUI • CUI should be recorded in logs • e.g. syslog • NAS which support CUI should include the CUI in all Accounting Packets

  9. support.roaming.ja.net • Simulated visitor test supports CUI • Currently tests through support site don’t

More Related