Proposed Resolution to Issue 311: EAP and Authorization
From: Bernard Aboba (bernard_abobahotmail.com)
Date: Sun, 8 Jan 2006 10:27:09 -0800 (PST)

The text of Issue 311 is available here:
http://www.drizzle.com/~aboba/EAP/eapissues3.html#Issue%20311

The proposed resolution is as follows:

In Section 1.3, change:

"  The EAP server also
  stores the peer's identity and/or other information necessary to
  decide whether access to some service should be granted.  The peer
  stores information necessary to choose which secret to use for which
  service.

  If authentication is based on proof of possession of the private key
  corresponding to the public key contained within a certificate, the
  parties store the EAP method to be used and the trust anchors used to
  validate the certificates.  The EAP server also stores the peer's
  identity and/or other information necessary to decide whether access
  to some service should be granted.  The peer stores information
  necessary to choose which certificate to use for which service."

To:

"The EAP server also stores the peer's identity as well as other
information associated with it. This information may be used to
determine whether access to some service should be granted. The peer
stores information necessary to choose which secret to use for which
service.

If authentication is based on proof of possession of the private key
corresponding to the public key contained within a certificate, the
parties store the EAP method to be used and the trust anchors used to
validate the certificates.  The EAP server also stores the peer's
identity and the peer stores information necessary to choose which
certificate to use for which service."
