Re: [Emu] EAP and authorization

2009-08-12 Thread Alan DeKok
Glen Zorn wrote:
> I don't know; what do you call it when you turn off the ringer on your phone
> (to use an example similar to the one you gave above)? The fact that you
> don't answer the phone has nothing to do with who's calling (authentication)
> nor whether you want to talk to them (authoriz

Re: [Emu] EAP and authorization

2009-08-12 Thread Alan DeKok
Hoeper Katrin-QWKN37 wrote:
> Here's the open issue (as I see it from previous posts to the list):
...
> Is this the only issue that people are having with the draft?
> If so, I'd be interested if 1) there is a group consensus to remove the
> authorization feature and 2) whether removing this featu

Re: [Emu] EAP and authorization

2009-08-12 Thread Stephen Hanna
Glen, Thanks for clarifying your position. I believe that your argument is that because EAP is an "authentication framework", it should not be allowed to carry anything other than authentication protocols. Is that correct? My apologies if this is not quite right. I am having some difficulty findin

Re: [Emu] EAP and authorization

2009-08-12 Thread Dave Nelson
Alan DeKok writes...
> > A server can tell me that I'm not authorized without
> > knowing who I am?
>
> Yes. A policy could state that all logins between 5pm
> and 9am are to be rejected. In that case, it can reject
> you without knowing (or caring) who you are. This process
> can't be "auth

Re: [Emu] EAP and authorization

2009-08-12 Thread Alan DeKok
Dave Nelson wrote:
> Authentication is "proof of identity", i.e., it's about who you are.
> Authorization is about "access control policy", i.e., what you may do. In
> the example that you cite above, the action is clearly authorization.

I've been told that it's impossible to call that process

Re: [Emu] EAP and authorization

2009-08-12 Thread Hoeper Katrin-QWKN37
> -----Original Message-----
> From: Alan DeKok [mailto:al...@deployingradius.com]
> Sent: Wednesday, August 12, 2009 5:15 AM
> To: Hoeper Katrin-QWKN37
> Cc: Stephen Hanna; Glen Zorn; emu@ietf.org
> Subject: Re: [Emu] EAP and authorization
>
> Hoeper Katrin-QWKN37 wrote:
> > Here's the open issue

Re: [Emu] EAP and authorization

2009-08-12 Thread Dave Nelson
Stephen Hanna writes...
> I suppose that my basic argument is a practical one. Password
> change, channel bindings, and NEA assessments are useful things
> to do during the EAP exchange.

That much I think most of us would agree with. EAP is a convenient protocol to use for exchanging that kind o

Re: [Emu] EAP and authorization

2009-08-12 Thread Dave Nelson
Alan DeKok writes...
> This is the first I've heard of an "implicit authentication
> action" in this context.

We have NULL cipher-suites, why can't we have NULL authentication methods?

> We're arguing over semantics.

Yes.

> Depending on who you are, it is "inappropriate" or "useful" to

Re: [Emu] EAP and authorization

2009-08-12 Thread Alan DeKok
Dave Nelson wrote:
>> This is the first I've heard of an "implicit authentication
>> action" in this context.
>
> We have NULL cipher-suites, why can't we have NULL authentication methods?

Yes, but it means we are far afield of the original discussion.

> My opinion is that is both "useful

Re: [Emu] EAP and authorization

2009-08-12 Thread Dave Nelson
Bret Jordan writes...
> Now EAP back in the day may have been the brain child of
> simple authentication for PPP links. However, today we need
> to look into what is really needed to enforce Security Policies
> on networks. It is my belief that regardless of the legacy name
> given to the protocol

Re: [Emu] EAP and authorization

2009-08-12 Thread Stephen Hanna
There are various definitions of authentication. One could argue for the broad definition included in RFC 4949:

$ authentication (I) The process of verifying a claim that a system entity or system resource has a certain attribute value.

Password change, channel bindings, and NEA as

Re: [Emu] EAP and authorization

2009-08-12 Thread Bret Jordan
Dave et al., I agree that Authentication in the truest sense of the term is about knowing and verifying who someone is or what something is (you can authenticate things in addition to people). Also remember that authentication is NOT restricted to just usernames and passwords. If we look at a busi

Re: [Emu] EAP and authorization

2009-08-12 Thread Bret Jordan
It looks like my first attempt at responding did not work due to send-from email address problems. If this comes through twice, I apologize in advance.

Dave et al., I agree that Authentication in the truest sense of the term is about knowing and verifying who someone is or what something is (yo

Re: [Emu] EAP and authorization

2009-08-12 Thread Glen Zorn
Dave Nelson [mailto://d.b.nel...@comcast.net] writes:
> Alan DeKok writes...
>
> > > A server can tell me that I'm not authorized without
> > > knowing who I am?
> >
> > Yes. A policy could state that all logins between 5pm
> > and 9am are to be rejected. In that case, it can reject
> > you w

Re: [Emu] EAP and authorization

2009-08-12 Thread Stefan Winter
Hello,
>> That's the straightforward approach. It avoids the need to cling to
>> alternate definitions of well understood terms. If you need to re-charter
>> to gain that authority, then so be it. IMHO, this whole discussion looks
>> like an end-run around the "domain of applicability" restric