EAP (RFC 3748) has a applicability statement scoped very strictly to
network access.
This document provides a mechanism that falls well outside that
applicability statement and permits the use of EAP for general
application authentication.
When ABFAB was chartered, there was a charter item to update the EAP
applicability statement. I think A number of people in the room at the
BOF, including myself, would have objected to the work being chartered
had that charter item not been present.
I think that work is important because I believe there are a number of
important concerns that apply to the use of EAP for authentication
beyond network access that need to be documented.
Unfortunately, the technical specification has gotten ahead of the
applicability statement update.
I'm OK with that provided that we're still firmly committed to an
applicability statement update. As part of approving this document now,
I want to confirm that we have consensus at least within the ABFAB
working group and the IESG to do that update.
If there is any doubt I'd far prefer that this document be held until
the applicability statement catches up.
--Sam