[Emu] Issue #20: Method Meta-Data

To: <emu at ietf.org>
Subject: [Emu] Issue #20: Method Meta-Data
From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Date: Thu, 6 Aug 2009 12:51:20 -0700
Authentication-results: sj-dkim-2; header.From=jsalowey at cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Delivered-to: emu at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=1563; t=1249588282; x=1250452282; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey at cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey at ci sco.com> |Subject:=20Issue=20#20=3A=20Method=20Meta-Data |Sender:=20; bh=aqUiWAqN2uLmbzW6stNnV8cXl5C0TTp/u/abZ4OKlFU=; b=IVgQ3WtVqQMrFU0lfmAvfuAdopD3dAvc8wWZc2DdUr4WnsGGFrMhNKU2ZM /llzU5nsSk/gbGK2w3JdYbYpzAFMrPFBAeuPcJLCmPcN/v9qrtdbt9Bs7LxA 8XHMccOWy7;
List-archive: <http://www.ietf.org/mail-archive/web/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Thread-index: AcoWzxG4GdSmFqmjRFqXehvVx1UUbAAAB7Ww
Thread-topic: Issue #20: Method Meta-Data

#20: Method Meta-Data

 > Section 4.5.3
 >
 > "   The password authentication exchange MUST support additional
 >    associated meta-data which can be used to indicate whether the
 >    authentication is for a user or a machine.  This allows the EAP
 >    server and peer to request and negotiate authentication
 > specifically
 >    for a user or machine.  This is useful in the case of
 > multiple inner
 >    authentications where the user and machine both need to be
 >    authenticated.
 > "
 > Why is it necessary to support meta-data to indicate whether
 > authentication is for a user or machine?  Few authentication
 > protocols support this today and don't seem to miss it.  For
 > example, does Kerberos or PKI distinguish explicitly between
 > user and machine credentials?
 >

 and

 > Section 4.6.5
 >
 > "   The tunnel method MUST allow for the communication of
 > additional data
 >    associated with an EAP method.  This can be used to
 > indicate whether
 >    the authentication is for a user or a machine.  This allows the
EAP
 >    server and peer to request and negotiate authentication
 > specifically
 >    for a user or machine.  This is useful in the case of
 > multiple inner
 >    EAP authentications where the user and machine both need to be
 >    authenticated.
 > "
 > Again, why is meta-data necessary?  Can't the basic need for
 > machine + user auth be met without this?
 >

-- 
Ticket URL: <http://wiki.tools.ietf.org/wg/emu/trac/ticket/20>
emu <http://tools.ietf.org/wg/emu/>

Follow-Ups:
- Re: [Emu] Issue #20: Method Meta-Data
  - From: Joseph Salowey (jsalowey)

Prev by Date: [Emu] Issue #19: Method Chaining
Next by Date: Re: [Emu] Issue #7: Password Authentication
Previous by thread: [Emu] Issue #19: Method Chaining
Next by thread: Re: [Emu] Issue #20: Method Meta-Data
Index(es):
- Date
- Thread

[Emu] Issue #20: Method Meta-Data

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.