Inclusion of information regarding access versus service is
an
authorization act.
Madjid
-----Original Message-----
From: Lakshminath Dondeti [mailto:ldondeti qualcomm.com]
Sent: Tuesday, June 20, 2006 10:41 PM
To: Nakhjiri Madjid-MNAKHJI1; M. Vanderveen; Quinn Li; Cao
Zhen
Cc: eapfrascone.com
Subject: RE: [eap] Questions for draft-barany-eap-gee-01
At 11:58 AM 6/20/2006, Nakhjiri Madjid-MNAKHJI1 wrote:
>I agree, it seems that AAA functions that are typically
done after
>authentication are introduced into EAP messaging, while
EAP is just
>a protocol to carry authentication exchanges. EAP is an
>"authentication" protocol, not a AAA
protocol.
I am confused here. I see no reference to AAA, especially
the AAA
protocol, in the emails below. What are you referring to?
Lakshminath
>
>Madjid
>
>
>
>----------
>From: M. Vanderveen [mailto:mvandervnyahoo.com]
>Sent: Tuesday, June 20, 2006 1:51 PM
>To: Nakhjiri Madjid-MNAKHJI1; Lakshminath Dondeti; Quinn
Li; Cao Zhen
>Cc: eapfrascone.com
>Subject: Re: [eap] Questions for draft-barany-eap-gee-01
>
>While a solution for demultiplexing several EAP sessions
might be
>helpful, part of the resistance to the introduction of
this sublayer
>is probably due to the fact that there are ways around
this issue.
>
>It's not clear to me why we are trying to inform the
peer as whether
>the current EAP session is for service vs. for access.
Looking at
>the newly emerged EAP-GPSK, all the peer needs to know
is the ID it
>gave the server and the server ID, in order to pull out
the correct
>security association to carry out EAP-GPSK. It can be
informed
>whether access or service was granted *after* this is
all done, by
>some other means that have nothing to do with EAP.
>
>In the network that we have deployed, and in others that
we hope to
>deploy some day, multiple EAP sessions do come into play
but the
>overall authentication mechanism can be made to work in
a fairly
>simple fashion without any additional EAP-related
mechanisms/layers.
>
>Michaela
>
>Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjirimotorola.com> wrote:
>
>
>-----Original Message-----
>From: Lakshminath Dondeti [mailto:ldondetiqualcomm.com]
>Sent: Monday, June 12, 2006 11:58 PM
>To: Quinn Li; Cao Zhen
>Cc: eapfrascone.com
>Subject: Re: [eap] Questions for draft-barany-eap-gee-01
>
>Hi,
>
>GEE is not a general purpose authentication protocol. It
is a
>generic EAP encapsulation mechanism that allows
demultiplexing of
>multiple simultaneous EAP conversations between a peer
and an
>authenticator. You say that the draft does describe the
MVNO
>scenarios well, so I guess we can safely conclude that
it does its job
>then.
>
>EAP is not used for IMS or Mobile IPv6 authentication,
is it? So, in
>simple terms, it's not the purpose of the GEE draft to
specify
>support for those services.
>
>Madjid>>EAP is being used for non-cellular access
into IMS.
>EAP is being considered for MIP6 bootstrapping.
>If the idea is to standardize the usage, then it should
not be
>customized for a specific use case.
>
>________________________________________________________
_________
>To unsubscribe or modify your subscription options,
please visit:
>http:/
/lists.frascone.com/mailman/listinfo/eap
>
>Arhives: http://lists.
frascone.com/pipermail/eap
>
>
>
> __________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection
around
>http://mail.yahoo.com
____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap
Arhives: http://lists.
frascone.com/pipermail/eap
|