On Apr 18, 2020, at 3:55 PM, Rick van Rein <r...@openfortress.nl> wrote:

> This is turning into a discussion about RADIUS versus Diameter.
I'm suggesting that since EAP runs over AAA protocols, it helps to understand where each AAA protocol is used, and why. The alternative is to have a solution which isn't applicable to existing problems.

If your proposal is intended to run mainly in the 3G space, then my previous message explains which protocol you use, and why. If your proposal is intended to run mainly in the enterprise / ISP space, then my previous message also explains which protocol you use, and why.

I believe that the document is clear enough so that someone can implement it. Which is appreciated, as many protocol drafts are maddeningly obtuse.

The concern is that the document does not explain *who* would use this solution, or *why* they would use it. Or, why it would be used instead of existing EAP methods.

On another technical note, page 3 says:

    What SASL stands to gain is the ability to be carried over widely used AAA backend protocols such as RADIUS and Diameter. When a site is standardising its authentication on SASL, it is possible for both network access and end-user applications to isolate authentication sequences and relay them to a shared AAA backend. This facilitates centralised management of identities and credentials.

The ABFAB working group standardized precisely this many years ago. One implementation is Moonshot:

https://www.jisc.ac.uk/rd/projects/moonshot

They demonstrated roaming users authenticating to home networks using EAP over AAA. Not just for network access, but for SSH, Web login, etc.

It would be good to explain why ABFAB is not applicable to this problem.

I'll speak further from personal experience in this area. I've worked with roaming groups and companies for a long time. Typical commercial roaming integrations take many months. The technical side (e.g. dynamic roaming lookups && certificate exchanges) is the most trivial part of it.

Also, these integrations are largely for ISPs and Telcos. But not for enterprises.
My experience has been that most enterprises have been unwilling to discuss roaming. They see no benefit in setting up or using AAA servers so that employees can roam.

So... what is the motivation for this proposal? Who will use it? Why?

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu