Re: [eap] Questions for draft-barany-eap-gee-01
From: Narayanan, Vidya (vidyanqualcomm.com)
Date: Tue, 13 Jun 2006 11:18:49 -0700 (PDT)
> 
> 
> > >>GEE is not a general purpose authentication protocol.  It
> > is a generic
> > >>EAP encapsulation mechanism that allows demultiplexing of 
> multiple 
> > >>simultaneous EAP conversations between a peer and an
> > authenticator.  
> > >>You say that the draft does describe the MVNO scenarios 
> well, so I 
> > >>guess we can safely conclude that it does its job then.
> > >Yes, I know GEE allows demultiplexing multiple EAP
> > conversation. AFAIK,
> > >MVNO is currently the only application for GEE. Do you have
> > any other
> > >application in your mind?
> 
> Here no reply for author's company, 
> so I suppose there will not be any other applications.
> it means GEE could only be used for network access scenario,
> and doesn't support any service.
> It also means EAP demultiplexing is only needed for network access.
> So the application will be quite narrow, 
> I could not understand why this solution could be accepted by WG.
> 

GEE is not an authentication protocol, as you have correctly understood.
Anything that requires parallel runs of two EAP sessions can use GEE -
the only lower layer that doesn't need this is IKEv2 (since it does much
beyond functioning just as an EAP lower layer). All other lower layers
need a mechanism like GEE to demultiplex the parallel EAP exchanges.
Examples of usage scenarios can be MVNO-based network access, device and
user authentication, etc. The MVNO case has been identified as the one
that immediately requires a solution - hence, GEEv0 has been tailored
for this. However, the protocol has been written in an extensible manner
(the current draft has details on how GEEv1 can extend the protocol for
generic multiple EAP authentications) - so, future versions of GEE can
support multiple EAP exchanges for other purposes as well. 

Hope that helps. 

Regards,
Vidya
