Hi, since I won't be at the meeting, here are a few thoughts about Sam's slides regarding the EAP Applicability draft, particularly about
Authorization Lifetime, Slide 6 The original Applicability statement IMHO makes quite clear that determining the Authorization Lifetime is not a good use of EAP. It first creates a very short white-list of good uses (Network *Authentication*, and with the revision Application *authentication*) and then has a blanket statement blacklist: "Use of EAP for other purposes, [...], is NOT RECOMMENDED." One example is given, bulk data transport, but the statement is just as valid for other examples like ", such as determining authorization lifetime, " That statement has served well over the years to repel other uses of EAP (and in fact seems to be so threatening that abfab found that change of text is needed to get something new onto the whitelist). So answering the question brought up by Sam: I do not believe this needs to be documented. The generic NOT RECOMMENDED statement covers this adequately. For the other issues in the slide deck things are less clear; I'll be interested in the outcomes of the discussion. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
_______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
