RE: [Isms] Re: modularity

[Randy Presuhn <randy_presuhn at mindspring.com>]

Hi -

> From: David B Harrington <ietfdbh at comcast.net>
> Sent: Aug 2, 2005 6:50 AM
> To: 'Randy Presuhn' <randy_presuhn at mindspring.com>, isms at ietf.org
> Subject: RE: [Isms] Re: modularity
...
> >There is, 
> > unfortunately, a need for
> > the SM to know when the triggered AAA exchanges have finished.
>
> Why does the SM need to know this? 
...

Not strictly the SM per se, but one wouldn't want to hand the PDU to the
application for processing before any necessary user/group mapping updates
have happened.  Otherwise there's a processing race condition.  (If the user/group
mapping arrives in the same PDU as the authentication-related stuff, and if
the implementation-specific internal API that hands this information to the
access control stuff is synchronous, there's no problem.  If, for example,
the mapping were to arrive later, then there could be a problem if there is
no mechanism internal to the implentations to serialize things.)

Randy

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms