ned(_dot_)freed(_at_)mrochek(_dot_)com wrote:
what is the identity that is authenticated?
As far as I can tell there isn't one. These schemes specify a particular form
of authorization, not authentication.
Exactly. The original version of the LMAP discussion document
specifically used the word "authorization" to describe the proposal.
The later version was changed to use "authentication". I do not agree
with that change. Future versions of the document will revert to the
original wording.
I've been working in the Authorization, Authentication, and
Accounting (AAA) space since 1996. I've written a AAA server. I've
designed and deployed AAA solutions, and trained customers in them.
The various LMAP proposals have nothing whatsoever to do with
identity or authentication.
Alan DeKok.