[abfab] Fwd: feedback on usability draft for abfab
Leif Johansson <leifj@sunet.se> Tue, 14 July 2015 12:35 UTC
Return-Path: <leifj@sunet.se>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3FDE1A90FF for <abfab@ietfa.amsl.com>; Tue, 14 Jul 2015 05:35:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.039
X-Spam-Level: *
X-Spam-Status: No, score=1.039 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9CtHj_1ndaVi for <abfab@ietfa.amsl.com>; Tue, 14 Jul 2015 05:35:42 -0700 (PDT)
Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA2FD1A90E6 for <abfab@ietf.org>; Tue, 14 Jul 2015 05:35:41 -0700 (PDT)
Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id t6ECZcMW015181 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <abfab@ietf.org>; Tue, 14 Jul 2015 14:35:39 +0200
Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id t6ECZZLX016495 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <abfab@ietf.org>; Tue, 14 Jul 2015 14:35:38 +0200 (CEST)
VBR-Info: md=sunet.se; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1436877338; bh=c66Cth+jgp3V/kcIw2EAf6loJThxeGlwaxZ8oKc1ZtI=; h=Date:From:To:Subject:References:In-Reply-To; b=z7fKepcgA5tPj6ow2nY1tZzQ3BcpLNvR4MJxKVw/us7JstT8KfhLFkf7cYbwJIRy2 NwajufXXwqNpkMUf4LFuScy6RNasRII/TFghH1VJvmLAJRVWUGty+NeSCAYyA50aYy VofbuZ9ZL83RadNLU+QwE9WhyJfnUTHN+4eWDhyE=
X-Footer: c3VuZXQuc2U=
Received: from [172.20.10.4] ([2.65.45.109]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.3.4 patch 1) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256 bits)) for abfab@ietf.org; Tue, 14 Jul 2015 14:35:33 +0200
Message-ID: <55A50214.3080500@sunet.se>
Date: Tue, 14 Jul 2015 14:35:32 +0200
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: abfab@ietf.org
References: <D1C9361D.36759%kjk@internet2.edu>
In-Reply-To: <D1C9361D.36759%kjk@internet2.edu>
X-Forwarded-Message-Id: <D1C9361D.36759%kjk@internet2.edu>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-sunet-se:default, sunet-se:default, base:default, @@RPTN)
X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6
X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default)
X-Canit-Stats-ID: 09OQczDRq - 82f3bd4d0935 - 20150714
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=<leifj@sunet.se>; helo=smtp1.sunet.se; identity=mailfrom
X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/1IcfhavkfL1_xGoMW-u-ZCsMwK0>
Subject: [abfab] Fwd: feedback on usability draft for abfab
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2015 12:35:44 -0000
I got this review from Ken Klingenstein of Internet2 and am reposting it with his permission. Cheers Leif -------- Forwarded Message -------- Subject: feedback on usability draft for abfab Date: Mon, 13 Jul 2015 15:45:53 +0000 From: Ken Klingenstein <kjk@internet2.edu> To: Leif Johansson <leifj@sunet.se>, Rhys Smith <Rhys.Smith@jisc.ac.uk> Gents, Looked it over. Pretty complete. Just one or two comments. Sec 3 talks only of authentication and identity. Are there any use cases where a user will want some degree of privacy and want to release attributes (maybe packaged as a "pseudo-identity") to allow privacy-preserving authentication with authorization to use the service conveyed in the attributes released? Could the SSH keys be associated with such a pseudo-identity? Sec 6.1 recommends storing the password reset URL for an IdP. I would assume it won't be a particularly volatile URL, but it may change. Is it advisable to include it then? Having the help desk URL (presumably even less volatile) would allow a user to traverse to the password location. There is a security considerations section, but no privacy considerations section. Not sure if that is required now in IETF drafts, but it would be a worthy addition to this doc given its identity orientation. It might address the points about Section 3 mentioned above. That's it. Maybe the long grind is done. Good luck and enjoy Prague. Ken
- [abfab] Fwd: feedback on usability draft for abfab Leif Johansson
- Re: [abfab] Fwd: feedback on usability draft for … Sam Hartman