RE: [Isms] #32: is the securityName=username default OK?

["Nelson, David" <dnelson at enterasys.com>]

Uri Blumenthal writes...

> The birth-reason of ISMS was - people already invested in SOME
> infrastructure, and don't want to spend an extra dime on ANOTHER one.
So
> whatever scalability issues they had - they ALREADY ADDRESSED them in
> whatever infrastructure that they chose.

There are a range of scalability properties in the already adopted
infrastructures.  Local password files have relatively low scalability,
while Kerberos, RADIUS, Diameter, TACACS and general PKI infrastructures
have relatively high scalability.  As long as the requirements of ISMS
don't force the reduction of scalability to the lowest common
denominator for all mechanisms, I will be well satisfied.

> > Yes.  As long as the Kerberos users and AAA users aren't saddled
with
> > the requirement to implement and configure localized user
> > authentication information in the managed entity, I suppose that's 
> > all fine.
> 
> It would be nice if ISMS can accomplish that. I don't know if it's
> possible - but will be happy if it is.

I agree, however, I think that it is possible, and that it's more of a
MUST than a SHOULD. 

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms