Opened 5 years ago

Closed 5 years ago

#176 closed defect (fixed)

draft-ietf-radext-nai-05: is the term *Network Access* Identifier still appropriate?

Reported by: stefan.winter@…
Owned by: draft-ietf-radext-nai@…
Priority: major
Milestone:
Component: nai
Version:
Severity: Waiting for Shepherd Writeup
Keywords:


The document takes two conflicting positions on NAIs.

In some places, it claims that the identifiers defined in this document are of generic use, particularly beyond network access scenarios (e.g. in Introduction, para 3 and 4; and section 1.3, third para).

The document title itself (still) scopes the identifiers as "Network Access Identifier"; also the definition of the term in section 1.1 explicitly speaks about "network access authentication".

The document could be more consistent; if one is to follow the argument that such identifiers are for use beyond network authentication, then it is much more logical to reflect this in the name of the identifier, and in its definition.

I don't recall this aspect already having been discussed on the mailing list; my apologies if my memory fails me. If it was indeed not discussed, I think this is worth bringing up. As an individual, my opinion is that a name notion of "Unique User Identifier" (or maybe s/User/Entity since it's not necessarily a human) would make more sense; "Unique" because the binding to FQDNs makes it somewhat (albeit not absolutely) unique.

Change History (5)

comment:1 Changed 5 years ago by aland@…

I think this requires larger discussion in the WG

comment:2 Changed 5 years ago by stefan.winter@…

This issue was discussed on the list and it was unanimously agreed to keep the name - noting that the actual scope of NAIs is larger than back in the day when the term was coined.

The document was revised meanwhile; only one trace of the old wording remains in 1.1 "Definition":

"... is the user identity submitted by the client during network access authentication."

Re-wording this to

"... is the user identity submitted by the client during authentication."

would remove the network context.

comment:3 Changed 5 years ago by aland@…

I'll change it in last call. I don't think it's worth doing a new rev for this one change.

comment:4 Changed 5 years ago by stefan.winter@…

Another occurrence is in the Abstract:

"... the user identity submitted by the client prior to accessing network resources."

It should probably just be "resources" to remove the specific scope of network access. This can also be done in IETF LC.

comment:5 Changed 5 years ago by aland@…

  • Resolution set to fixed
  • Status changed from new to closed

fixed. I'll push out a new version as soon as I'm allowed
