Re: Questions for draft-barany-eap-gee-01

From: Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjiri
Date: Wed, 21 Jun 2006 16:46:18 -0700 (PDT)
-----Original Message-----
From: Lakshminath Dondeti [mailto:ldondeti [at] qualcomm.com]
Sent: Wednesday, June 21, 2006 11:36 AM
To: Nakhjiri Madjid-MNAKHJI1; M. Vanderveen; Quinn Li; Cao Zhen
Cc: eap [at] frascone.com
Subject: RE: [eap] Questions for draft-barany-eap-gee-01

I still don't understand how what you write below is relevant to the discussion at hand, but anyway, I think I made my point.

Madjid>>Not sure what that means, but I guess that is good for you.

I will note that the word "service" seems to throw people off into debates on authentication vs. authorization and that may be what's happening here.

Madjid>>yes,

If it helps, perhaps the use of the terms L2 access and L3 access might be better.

Madjid>>Ok, that is better, but still L3 access is vague: is it getting IP addresses? Setting IP connectivity? And regardless of what it means, multiplexing multiple purposes in one EAP signaling, means you need to include indication for these purposes in the EAP signaling. I don't know how you would do it in a way that does not break existing implementations of EAP?

Further, multiple parallel authentications could also be for device and user authentications as Kuntal points out. Other use cases are also possible.

Madjid>> There are many cases, if not all cases, where device and user authentication do not happen in parallel but in series as a form of multifactor authentication.

regards,
Lakshminath

At 09:00 AM 6/21/2006, Nakhjiri Madjid-MNAKHJI1 wrote:
>Inclusion of information regarding access versus service is an
>authorization act.
>
>Madjid
>
>-----Original Message-----
>From: Lakshminath Dondeti [mailto:ldondeti [at] qualcomm.com]
>Sent: Tuesday, June 20, 2006 10:41 PM
>To: Nakhjiri Madjid-MNAKHJI1; M. Vanderveen; Quinn Li; Cao Zhen
>Cc: eap [at] frascone.com
>Subject: RE: [eap] Questions for draft-barany-eap-gee-01
>
>At 11:58 AM 6/20/2006, Nakhjiri Madjid-MNAKHJI1 wrote:
> >I agree, it seems that AAA functions that are typically done after
> >authentication are introduced into EAP messaging, while EAP is just
> >a protocol to carry authentication exchanges. EAP is an
> >"authentication" protocol, not a AAA protocol.
>
>I am confused here. I see no reference to AAA, especially the AAA
>protocol, in the emails below. What are you referring to?
>
>Lakshminath
>
> >
> >Madjid
> >
> >
> >
> >----------
> >From: M. Vanderveen [mailto:mvandervn [at] yahoo.com]
> >Sent: Tuesday, June 20, 2006 1:51 PM
> >To: Nakhjiri Madjid-MNAKHJI1; Lakshminath Dondeti; Quinn Li; Cao Zhen
> >Cc: eap [at] frascone.com
> >Subject: Re: [eap] Questions for draft-barany-eap-gee-01
> >
> >While a solution for demultiplexing several EAP sessions might be
> >helpful, part of the resistance to the introduction of this sublayer
> >is probably due to the fact that there are ways around this issue.
> >
> >It's not clear to me why we are trying to inform the peer as to whether
> >the current EAP session is for service vs. for access. Looking at
> >the newly emerged EAP-GPSK, all the peer needs to know is the ID it
> >gave the server and the server ID, in order to pull out the correct
> >security association to carry out EAP-GPSK. It can be informed
> >whether access or service was granted *after* this is all done, by
> >some other means that have nothing to do with EAP.
> >
> >In the network that we have deployed, and in others that we hope to
> >deploy some day, multiple EAP sessions do come into play but the
> >overall authentication mechanism can be made to work in a fairly
> >simple fashion without any additional EAP-related mechanisms/layers.
> >
> >Michaela
> >
> >Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri [at] motorola.com> wrote:
> >
> >
> >-----Original Message-----
> >From: Lakshminath Dondeti [mailto:ldondeti [at] qualcomm.com]
> >Sent: Monday, June 12, 2006 11:58 PM
> >To: Quinn Li; Cao Zhen
> >Cc: eap [at] frascone.com
> >Subject: Re: [eap] Questions for draft-barany-eap-gee-01
> >
> >Hi,
> >
> >GEE is not a general purpose authentication protocol. It is a
> >generic EAP encapsulation mechanism that allows demultiplexing of
> >multiple simultaneous EAP conversations between a peer and an
> >authenticator. You say that the draft does describe the MVNO
> >scenarios well, so I guess we can safely conclude that it does its job
> >then.
> >
> >EAP is not used for IMS or Mobile IPv6 authentication, is it? So, in
> >simple terms, it's not the purpose of the GEE draft to specify
> >support for those services.
> >
> >Madjid>>EAP is being used for non-cellular access into IMS.
> >EAP is being considered for MIP6 bootstrapping.
> >If the idea is to standardize the usage, then it should not be
> >customized for a specific use case.
> >
> >_________________________________________________________________
> >To unsubscribe or modify your subscription options, please visit:
> >http://lists.frascone.com/mailman/listinfo/eap
> >
> >Archives: http://lists.frascone.com/pipermail/eap
> >
> >
> >
> > __________________________________________________
> >Do You Yahoo!?
> >Tired of spam? Yahoo! Mail has the best spam protection around
> >http://mail.yahoo.com