Re: [Captive-portals] customizing API URLs vs ???
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 31 July 2019 21:00 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9503012006D for <captive-portals@ietfa.amsl.com>; Wed, 31 Jul 2019 14:00:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QDSuTMgzzE74 for <captive-portals@ietfa.amsl.com>; Wed, 31 Jul 2019 14:00:47 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F07AB120018 for <captive-portals@ietf.org>; Wed, 31 Jul 2019 14:00:46 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 979CE380BE; Wed, 31 Jul 2019 17:00:19 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id CC977D92; Wed, 31 Jul 2019 17:00:45 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
cc: captive-portals@ietf.org
In-Reply-To: <99e64b26afc674f8411463b5ec55dde295e8c33d.camel@laposte.net>
References: <CAKD1Yr32DXr8fYHP_x7z9pQWwSchey8zQW11vw02bW9ONEV8Kg@mail.gmail.com> <01ad5bf0-1f60-4dbb-aa83-31d14fce6082@www.fastmail.com> <CAKD1Yr08LmfDhmDLqpR87iQQ4Z61CVpR9BTDeRHobpsvVxFJvA@mail.gmail.com> <CADo9JyW6TmBnr5f0AuSXKnKMXnMxGhMkgYbGQ1WYOQjSMefy=w@mail.gmail.com> <CAKD1Yr1Zo0NQod=p4ZqT6fJYJ=Xqh1q8eJT2+ich+p7Jmg1WiA@mail.gmail.com> <CADo9JyX1T8AnxirXLfGdcJzmjvy5_UGJktnbYByAuO7H++y8uA@mail.gmail.com> <CAKD1Yr0C_KEUpGUC-wbAV-ufG_VpNposecmzNQU5rEXaCeSZNQ@mail.gmail.com> <26405.1564182227@dooku.sandelman.ca> <CAKxhTx_CngPfs3V8sZ5n0SYbTN4zcu3L_cvGuLpbLJOZYu-1Kg@mail.gmail.com> <14eba834-e18a-4324-8baa-3a8b90cdaec4@www.fastmail.com> <CAFaTyiG_LxmyaSvBcqKgkYb9-SiaMcDr1khPV7oV-AVs85_x8g@mail.gmail.com> <16883.1564590555@localhost> <99e64b26afc674f8411463b5ec55dde295e8c33d.camel@laposte.net>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 31 Jul 2019 17:00:45 -0400
Message-ID: <16793.1564606845@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/GO4BSq_sCxMj-TgS5RnPI0U0F44>
Subject: Re: [Captive-portals] customizing API URLs vs ???
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 21:00:50 -0000
Nicolas Mailhot <nicolas.mailhot@laposte.net> wrote: >> It probably occurs less in places like airports, hotels and >> enterprises where there is more local operational clue. > In entrerprises the dhcp layer is mostly owned by desktop IT (ADs, in > the hands of people still stuggling to come to terms with the way > Microsoft adopted networking and the cloud with a vengeance) while > access to the internal network (or from the "safe" internal network to > the wild internet, or from low-security visitor networks to high- > security internal networks) is managed by network or security teams. I'm not sure why you are bringing up desktop IT when I mention DHCPv4. In an enterprise captive portal use, I would expect it would be for visitors. The APs would have a second ESSID, and this would be operated by the network/security team. Whether they do DHCP locally or backhauled, would be their business, not desktop IT? Or are you saying that someone in desktop IT would say, "WE HAVE TO DO ALL DHCP", just because silos? > Network/security teams will want to plop the security portal in a > single tighly controled place (a datacenter, or a set of datacenters > for redundancy), while local/desktop IT would not care less about > security considerations (but then, they are not asked to care about > them). > Therefore, deep collaboration between local networking and the portal > is wishful thinking. The security dialog has to happen between the > client and the central portal, with as little constrains and smartness > as possible delegated to the local networking kit (ideally, just let > everyone talk to the portal, and let IP/Macs/whatever requires as > little effort as possible to identify a system talk to other network > ranges, as long as they match the whitelist published by the central > portal for those ranges). If the Captive Portal Enforcement Point is not on the AP itself, but in some part of the network, then I guess the need for colloboration between wifi people and network people is less. Network people would simply have all the guest traffic on some VLAN, do nothing on the APs themselves (other than VLAN tagging). What is your preference: does the client API have to have the client self-identify, or do we have to find a way to send unique URLs in IPv6 RAs? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
- [Captive-portals] Review of draft-ietf-capport-rf… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… Tommy Pauly
- Re: [Captive-portals] Review of draft-ietf-cappor… Michael Richardson
- Re: [Captive-portals] Review of draft-ietf-cappor… Remi NGUYEN VAN
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Chris Spencer
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Remi NGUYEN VAN
- [Captive-portals] customizing API URLs vs ??? Michael Richardson
- Re: [Captive-portals] customizing API URLs vs ??? Nicolas Mailhot
- Re: [Captive-portals] customizing API URLs vs ??? Michael Richardson
- Re: [Captive-portals] customizing API URLs vs ??? Nicolas Mailhot