Taskforce Mobility Mailarchive
I would look at it in another way. "the Accounting packets MUST include
the CUI" - fine, but if there are NO accounting packets sent, then we
are not violating anything. And we have agreed some time ago that
sending accounting information to IdP makes little sense and in
addition violates user's privacy. Therefore I would not worry about it.
In the Telco setting this is different, as the IdP is interested in
billing the user and has the right to have the accounting information
(I guess), but as we gave no business gathering this information in
eduroam, it should not be sent by the SP in the first place.
If there is a reason to do Accounting, then indeed the CUI MUST be sent
and this definitely would be a problem. Still I would say DO NOT send
Accounting.
You're right that we don't have a striking need for accounting.
Nevertheless it is the SPs decision to generate Accounting packets or
not, so it would not be wise to ignore the fact that there *may* be
Accounting packets floating around in our infrastructure. IIRC, there
are even a few federations that make actual use of it. You don't want
to state that when turning on CUI, everybody has to turn off
Accounting, do you?
Also, accounting does have a few upsides even for us. If we had
accounting throughout the infrastructure, we could have a more
deterministic view on the number of *uses* of our infrastructure (and
could move on from the unholy discussion that "number of successful
authentications" is the only idea we've got). All those re-auths
happening on the same user session could then be easily dissected into
a single user session.
This is not a plea for accounting. It is a plea for not disregarding
the possibility of existence of accounting packets.
Greetings,
Stefan
--
Tomasz Wolniewicz twoln@xxxxxx
http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication
Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576