RE: Proposed Resolution to Issue 311: EAP and Authorization
From: Salowey, Joe (jsaloweycisco.com)
Date: Wed, 25 Jan 2006 00:05:14 -0800 (PST)
 

> -----Original Message-----
> From: Bernard Aboba [mailto:Bernard_Aboba [at] hotmail.com] 
> Sent: Monday, January 16, 2006 6:45 PM
> To: Salowey, Joe; eap [at] frascone.com
> Subject: RE: [eap] Proposed Resolution to Issue 311: EAP and 
> Authorization
> 
> > To:
> > 
> > "The EAP server also stores the peer's identity as well as other
> > information associated with it. This information may be used to
> > determine whether access to some service should be granted. The peer
> > stores information necessary to choose which secret to use for which
> > service.
> > 
> > If authentication is based on proof of possession of the private key
> > corresponding to the public key contained within a certificate, the
> > parties store the EAP method to be used and the trust anchors used to
> > validate the certificates.  The EAP server also stores the peer's
> > identity 
> 
> [Joe] why is it necessary that the EAP server store the peer's identity
> in this case? 
> 
> [BA] I guess to associate it with the authorizations.  The peer identity is
> included in the certificate altSubjectName, so it isn't needed for other
> reasons.  Is there a way to make that more clear?
> 
[Joe] I don't think the EAP server needs to store the identity.  It may
store attributes associated with identity, however this could also be
maintained outside the EAP Server or in the certificate itself. I think
we should be clear that in general the EAP server does not perform
authorization itself, but it may have access to authorization/naming
information that can be exported to and used by the lower layer or AAA
layer for authorization. 

> > and the peer stores information
> > necessary to choose which certificate to use for which service."
> > 
> > 
> 
