It seems that most of this discussion has to do with application authorization and AAA and not with EAP. As Alan points out there are several different ways session lifetime can be dealt with in current deployments, some of which put more control in the AAA and others more in the NAS. It's not clear to me that this belongs in an applicability statement.

Joe

On Oct 22, 2012, at 4:01 AM, Alan DeKok wrote:

> Alper Yegin wrote:
>> Now, if someone tells me the NAS can set the lifetime value to anything
>> irrespective of the lifetime received from the AAA, then I say he's using a
>> centralized AA (authentication and accounting) server with distributed A
>> (Authorization). An interesting case, not typical but doable. Someone may
>> have a very special reason to do that.
>
> NASes have always had "creative" interpretations of authorization
> policies coming from an AAA server. So this behavior is well within
> the traditional AAA.
>
>> Regarding the application state that is created within the authorized
>> application session, yes I understand and agree that it may survive beyond
>> the authorized session. But that's very application specific. We need to
>> discuss that in the scope of specific applications.
>
> I agree.
>
> I would phrase the difference as being either the ability to *do*
> something, or the ability to *have* something. Items like "session
> timeout" control the ability to have a session. Once the session is
> over, the ability goes away. Other items could be allowed to continue,
> even after the session has been finished.
>
> Alan DeKok.
> _______________________________________________
> abfab mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/abfab
