eap Mailing List: Re: Questions for draft-barany-eap-gee-01

[Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjiri]

Inclusion of information regarding access versus service is an
authorization act.

Madjid

-----Original Message-----
From: Lakshminath Dondeti [mailto:ldondeti [at] qualcomm.com] 
Sent: Tuesday, June 20, 2006 10:41 PM
To: Nakhjiri Madjid-MNAKHJI1; M. Vanderveen; Quinn Li; Cao Zhen
Cc: eap [at] frascone.com
Subject: RE: [eap] Questions for draft-barany-eap-gee-01

At 11:58 AM 6/20/2006, Nakhjiri Madjid-MNAKHJI1 wrote:
>I agree, it seems that AAA functions that are typically done after 
>authentication are introduced into EAP messaging, while EAP is just 
>a protocol to carry authentication exchanges. EAP is an 
>"authentication" protocol, not a AAA protocol.

I am confused here.  I see no reference to AAA, especially the AAA 
protocol, in the emails below.  What are you referring to?

Lakshminath

>
>Madjid
>
>
>
>----------
>From: M. Vanderveen [mailto:mvandervn [at] yahoo.com]
>Sent: Tuesday, June 20, 2006 1:51 PM
>To: Nakhjiri Madjid-MNAKHJI1; Lakshminath Dondeti; Quinn Li; Cao Zhen
>Cc: eap [at] frascone.com
>Subject: Re: [eap] Questions for draft-barany-eap-gee-01
>
>While a solution for demultiplexing several EAP sessions might be 
>helpful, part of the resistance to the introduction of this sublayer 
>is probably due to the fact that there are ways around this issue.
>
>It's not clear to me why we are trying to inform the peer as whether 
>the current EAP session is for service vs. for access. Looking at 
>the newly emerged EAP-GPSK, all the peer needs to know is the ID it 
>gave the server and the server ID, in order to pull out the correct 
>security association to carry out EAP-GPSK. It can be informed 
>whether access or service was granted *after* this is all done, by 
>some other means that have nothing to do with EAP.
>
>In the network that we have deployed, and in others that we hope to 
>deploy some day, multiple EAP sessions do come into play but the 
>overall authentication mechanism can be made to work in a fairly 
>simple fashion without any additional EAP-related mechanisms/layers.
>
>Michaela
>
>Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri [at] motorola.com> wrote:
>
>
>-----Original Message-----
>From: Lakshminath Dondeti [mailto:ldondeti [at] qualcomm.com]
>Sent: Monday, June 12, 2006 11:58 PM
>To: Quinn Li; Cao Zhen
>Cc: eap [at] frascone.com
>Subject: Re: [eap] Questions for draft-barany-eap-gee-01
>
>Hi,
>
>GEE is not a general purpose authentication protocol. It is a
>generic EAP encapsulation mechanism that allows demultiplexing of
>multiple simultaneous EAP conversations between a peer and an
>authenticator. You say that the draft does describe the MVNO
>scenarios well, so I guess we can safely conclude that it does its job
>then.
>
>EAP is not used for IMS or Mobile IPv6 authentication, is it? So, in
>simple terms, it's not the purpose of the GEE draft to specify
>support for those services.
>
>Madjid>>EAP is being used for non-cellular access into IMS.
>EAP is being considered for MIP6 bootstrapping.
>If the idea is to standardize the usage, then it should not be
>customized for a specific use case.
>
>_________________________________________________________________
>To unsubscribe or modify your subscription options, please visit:
>http://lists.frascone.com/mailman/listinfo/eap
>
>Arhives: http://lists.frascone.com/pipermail/eap
>
>
>
>  __________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com