An EAP identities only apply to 802.1X, so yes. Supplicants are not designed to be configured by end users. How this data gets configured is irrelevant to the conversation.
tim From: Alan DeKok <[email protected]> Date: Tuesday, August 3, 2021 at 10:50 To: Tim Cappalli <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: [Emu] Identities and draft-ietf-emu-tls-eap-types-03 On Aug 3, 2021, at 10:01 AM, Tim Cappalli <[email protected]> wrote: > I fail to understand why this is "a terrible idea". Many organizations, > including EDUs have multiple TLDs that are used for sign-in. Cloud IdPs > require a fully qualified username. Sure. It's good to see the NAI recommendations of RFC 7542 being more widely adopted. :) My question though is this a use-case for 802.1X? Are users really capable now of entering one identity for the outer routing, and a completely different one for the inner one? Or do the users use MDM to do it? I haven't seen wide-spread use of different realms in EAP, but maybe I'm not talking to the right people. > I don't think there should be any text on this topic. I think it's useful to give guidance on pros/cons of this issue. If using different inner/outer realms is a common practice, then it would be good to explain when that's used, and why. Alan DeKok.
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
