Dave Nelson wrote:
> Authentication is "proof of identity", i.e., it's about who you are.
> Authorization is about "access control policy", i.e., what you may do. In
> the example that you cite above, the action is clearly authorization.

I've been told that it's impossible to call that process authorization, because the user has not yet been authenticated. I would suggest that a common terminology be used. Changing the meaning of terms mid-discussion is not appropriate.

> The
> server is enforcing the "access control policy" that the "wildcard" user is
> prohibited from logging in during the hours of 5 PM and 9 AM. This
> authorization action *was* preceded by an implicit authentication action.

This is the first I've heard of an "implicit authentication action" in this context.

> It's just that the "wildcard" user, i.e., anyone on the planet, can easily
> be authenticated without the exchange of credentials.

We're arguing over semantics. No matter which semantics I choose, I get told I'm using them incorrectly. Stop nit-picking over the details, and pay attention to the *requirements* and *use-cases* that I have outlined.

There is information that can be carried in EAP. Depending on who you are, it's called "authentication credentials", or "authorization data", or "damned if I know". Depending on who you are, the process of checking it is called "authorization" or "authentication" or "implicit authentication", or "something magic". Depending on who you are, it is "inappropriate" or "useful" to carry that information in EAP.

If we can't agree on a consistent set of terminology, perhaps you could give your opinion on *what* information is being carried in EAP, and whether or not that information is useful or inappropriate.

My opinion has been clear and consistent: Authenticators would like to know certain information before returning "success" or "fail" in EAP. Within some limitations, where that information can be carried in EAP, I believe it is appropriate and useful to carry it in EAP.

Alan DeKok.