On Aug 3, 2021, at 10:01 AM, Tim Cappalli <[email protected]> wrote:
> I fail to understand why this is "a terrible idea". Many organizations,
> including EDUs have multiple TLDs that are used for sign-in. Cloud IdPs
> require a fully qualified username.

Sure. It's good to see the NAI recommendations of RFC 7542 being more widely adopted. :)

My question though is this a use-case for 802.1X? Are users really capable now of entering one identity for the outer routing, and a completely different one for the inner one? Or do the users use MDM to do it? I haven't seen wide-spread use of different realms in EAP, but maybe I'm not talking to the right people.

> I don't think there should be any text on this topic.

I think it's useful to give guidance on pros/cons of this issue. If using different inner/outer realms is a common practice, then it would be good to explain when that's used, and why.

Alan DeKok.
