RE: Issue 189: Handling of the identity response
From: Joseph Salowey (jsaloweycisco.com)
Date: Fri, 31 Oct 2003 14:32:42 -0600 (CST)
> > > how about
> > >
> > > When an EAP Identity Method is used, Data in the EAP-Identity
> > > Response is typically provided to subsequent EAP Methods.  The
> > > subsequent Method MAY use this in its processing its algorithm.
> > > Note that the information in the Identity Response is primarily
> > > used for routing following EAP requests and for selecting a
> > > method to process the request.  A method SHOULD NOT use
> > > information in the Identity response as the actual Identity to be
> > > authenticated.
> > >
> > [Joe] I'm not sure about the last sentence. The SHOULD NOT may
> > conflict with the previous MAY.  How about: "A method SHOULD provide a
> > method specific means for obtaining identity so it does not have to
> > rely upon the information in identity response."
> >
> [John] I understand your point.  I was trying to say that the
> algorithm MAY use the information, otherwise why would we give it to
> him?  However, it should not use it as the method's identity.  Note
> that it may use the identity or identity as modified by the NAS to
> select which EAP method to use.  That is different than using it in
> the method.
> 
[Joe] Isn't the method selection done before the method gets the
identity?  Some existing methods may require the identity; that is why it
should be provided to the method.  I think we want to discourage
reliance on the identity response in methods moving forward.

