RFC 4372 defines a standard RADIUS attribute (89), Chargeable User Identity (CUI), gives the motivation for its creation and specifies its use in RADIUS Access-Request, Access-Accept and Accounting-Request packets.
Some authentication methods such as PEAP, EAP-TTLS, EAP-SIM and EAP-AKA can hide a user’s true identity from servers outside of the user’s home network. In these cases the User-Name AVP has an anonymous or generic value which is sufficient for routing requests to the appropriate home network but insufficient for identifying the individual user. There are valid reasons for protecting a user’s identity in roaming applications. But access and intermediate networks also have a need to distinguish roaming users and groups of users in order to fulfill business requirements such as billing reconciliation and simultaneous session control. The CUI AVP defined in this RFC provides a user alias for a period of time. The RFC also describes how CUIs are requested, supplied and used.
Read RFC 4372 at www.ietf.org.
Comments are closed.