Re: CUI reloaded

[Tomasz Wolniewicz <twoln@xxxxxx>]

stefan.winter@xxxxxxxxxx wrote:
> You may not want to receive this information, but nothing stops others 
> from sending it. You can of course discard the accounting info before 
> seeing it. That is not at all limited to Australia - if you come to 
> the RESTENA Offices in Luxembourg, it may very well happen to that 
> Accounting packets are generated and sent back to your IdP.
>
> The eduroam policy only says about this: forwarding accounting packets 
> needs to be supported by the infrastructure. And since we support it, 
> we can't ignore it.
I agree with you on these counts. The infrastructure should not mess 
with the traffic, and when we move to dynamic RadSec there will be no 
one to do any filtering anyway. This problem is different form VLAN 
attributes, which can break down the service and where the service 
operator has a good reason to a least monitor. Accounting is, indeed 
entirely up to the SP. If anyone is breaking any privacy laws it is the SP.
Still I would prefer if the new policy supported good practices and also 
said:
"Accounting reports ma be considered to be users' private data of no 
concern to the IdP, therefore they SHOULD NOT be sent by SP".

> I'm delighted to hear that! Since you have a working CUI installation 
> anyway, would you be willing to write appropriate SQL queries so that 
> we can see it in action?
We will give it a try.

Tomasz


--
Tomasz Wolniewicz    
         twoln@xxxxxx        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576