I think this text goes way too much into solution territory rather than just focusing on the use case.
For example, the following all seem to be solution details:

1) There is an initial authentication with the network provider
2) An MSK is established with the network provider
3) The service provider finds the network provider based on configuration or discovery protocol.

These details also go against the current ABFAB architecture. As best I can tell, the current abfab architecture does support the network provider leveraging their identities and the service provider using their identities. However under that architecture it would look more like:

1) User goes to service and begins abfab authentication
2) User provides network provider's realm to service
3) User engages in an EAP exchange with the network provider tunneled through the service and AAA infrastructure
4) If authentication succeeds, an MSK is generated and given to the service and user.

These details would also be inappropriate to include in the use case document; I include them in this message only to illustrate how things differ and why we want to avoid solution focus in use-case text. If you believe that my proposed flow would not work for your use case, then let's focus on what the aspects of the use case are that would make these details inappropriate.

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
