Phil Heller ( (no email) )
Tue, 6 May 1997 18:28:01 -0400

Ok, here's the scoop on the technical aspects of IPASS (as I understand).
(see diagrams below descriptions)

1] A local user who dials in through a pop owned by the originating ISP is
normally, via Radius-NT.

2] A roaming user (member of an IPASS affiliate ISP) who dials into a POP
owned by the originating ISP uses a user name like juser@localisp.com
rather than just juser (where localisp.com is the domain of the ISP he
originally signed up with.) Now Radius NT will notice that the user is
roaming (due to the @ in the login name) and proxy to the IPASS radius

3] A local user who dials in through an IPASS affiliate owned POP would be
authenticated by the affiliate Radius server as described above, but when
the IPASS radius server is proxied, it then proxies the originating ISP's
Radius server.

1) [local user]---->[originating ISP POP]---->[Originating ISP radius]

2) [romaing user]---->[originating ISP POP]---->[Originating ISP
radius]---->[IPASS Radius]---->[affiliate Radius Server]

3) [Local User]---->[affiliate POP]---->[affiliate Radius]---->[IPASS
Radius]---->[originating radius]

Looks kinda cool if you ask me.... It'd be a nice feature to add to

.. Phil