[abfab] charter take 2
Leif Johansson <leifj@sunet.se> Wed, 11 August 2010 13:11 UTC
Return-Path: <leifj@sunet.se>
X-Original-To: abfab@core3.amsl.com
Delivered-To: abfab@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 51D953A68C3 for <abfab@core3.amsl.com>; Wed, 11 Aug 2010 06:11:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g-59GLx78BWd for <abfab@core3.amsl.com>; Wed, 11 Aug 2010 06:11:08 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by core3.amsl.com (Postfix) with ESMTP id 113183A6847 for <abfab@ietf.org>; Wed, 11 Aug 2010 06:11:07 -0700 (PDT)
Received: from [192.36.125.216] (dhcp.pilsnet.sunet.se [192.36.125.216]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id o7BDBe1I012595 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <abfab@ietf.org>; Wed, 11 Aug 2010 15:11:42 +0200 (CEST)
Message-ID: <4C62A18C.9090500@sunet.se>
Date: Wed, 11 Aug 2010 15:11:40 +0200
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9pre) Gecko/20100217 Lightning/1.0b1 Shredder/3.0.3pre
MIME-Version: 1.0
To: abfab@ietf.org
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [abfab] charter take 2
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Aug 2010 13:11:11 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Klaas and me have been trying to summarize feedback from the BoF in the form of new charter text. We both felt it was necessary to rewrite most of the text to capture all of the feedback we've gotten during and after Maastricht. We have been very careful in capturing the essence of the first version. Abfab Proposed Charter Abfab - Application Bridging for Federated Access Beyond web Federated identity is today widely deployed for web applications using such technologies as OpenID, Security Assertion Markup Language (SAML), OAuth and Information Card (IMI). However, for protocols such as IMAP, XMPP, SSH, NFS and other non-IETF protocols not based on HTTP/HTML there is no readily deployable solution for federated identity. While work continues elsewhere on basic mechanisms that rely on using an HTTP/HTML interface to authenticate and authorize non-web applications, this working group will look at approaches that do not rely on the web, taking into account user interface concerns and the need to pass structured data to an appropriate authentication interface, as well as the need to handle large scale discovery. The working group will develop a solution for federated identity for IETF and non-IETF application protocols by combining SAML, EAP (RFC 3748) and AAA (RADIUS, Diameter). Constraints: - ------------ The working group will ensure that any solution developed has built- in technical controls for privacy protection. Initially the working group will focus on using GSS-API (RFC2743) to integrate federated identity into application protocols but other technologies for application interface are in scope. Adoption of such solutions by the working group are subject to the normal IETF consensus and (re)charter process. The working group may not change EAP (beyond the development of EAP mechanisms) RADIUS or Diameter without establishing consensus with the appropriate community within the IETF. The working group will use the following documents as a starting point for its work: - - draft-howlett-eap-gss-00, - - draft-howlett-radius-saml-attr-00 - - draft-hartman-gss-eap-naming-00 Concerns have been raised that additional work is required in keying AAA associations in a federated environment. The working group is chartered to explore these concerns and if needed, specify protocols that use existing AAA key management mechanisms to address these concerns. In addition, the working group will explore the usability and user interface issues associated with federated authentication. The work is not chartered to standardize protocols or recommend best current practice in the area of usability. The working group should explore the area and produce informational documents describing the issues and recommending appropriate work for the IETF in this area. As future work in dealing with user interface in this area progresses, the architecture of the system may need to expand to include additional components or make significant changes to adapt to improvements in understanding of user interface. In describing architecture work, the working group will emphasize this possibility of change. Coordination with other SDOs - ---------------------------- This work will require close coordination with work going on in the OASIS Security Services Technical Committee (SSTC). There should be sufficient overlapping participation between the SSTC and this working group for informal coordination. The chairs of this working group may work with the SSTC chairs and the IAB in case formal coordination is required. In particular coordination is required with respect to the SAML-RADIUS binding. Deliverables - ------------ The deliverables of the working group are: * A document describing applicable use cases. * An architecture document describing how the components of the solution fit together to address the use cases and open issues that will require future changes to the architecture * A standards-track protocol for carrying SAML messages in RADIUS and Diameter * An update to the EAP applicability statement in RFC 3748 describing the applicability of EAP to application authentication and placing appropriate requirements on this new EAP use case * A standards track solution for using EAP methods to provide authentication within the application * An update to the EMSK root key applicability statement in RFC 5295 * A standards-track description of GSS names and name attributes required by the solution * Informational descriptions of usability and user-interface concerns related to this work -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxioYwACgkQ8Jx8FtbMZncfdACbBJw48M6pHRaQ0EgAqQJZ9DM0 CiwAoIpCZQ9dHsSO0ApwAUZChHkUQd2B =QESJ -----END PGP SIGNATURE-----
- [abfab] charter take 2 Leif Johansson
- Re: [abfab] charter take 2 Sam Hartman
- Re: [abfab] charter take 2 Eliot Lear
- Re: [abfab] charter take 2 Leif Johansson
- Re: [abfab] charter take 2 Nicolas Williams
- Re: [abfab] charter take 2 Rafa Marin Lopez
- Re: [abfab] charter take 2 Leif Johansson
- Re: [abfab] charter take 2 Nicolas Williams
- Re: [abfab] charter take 2 Nicolas Williams
- Re: [abfab] charter take 2 Sam Hartman
- Re: [abfab] charter take 2 Eliot Lear
- Re: [abfab] charter take 2 Nicolas Williams
- Re: [abfab] charter take 2 Nicolas Williams
- Re: [abfab] charter take 2 Nicolas Williams
- Re: [abfab] charter take 2 Leif Johansson
- Re: [abfab] charter take 2 Melinda Shore
- Re: [abfab] charter take 2 Glen Zorn
- Re: [abfab] charter take 2 Leif Johansson
- Re: [abfab] charter take 2 Glen Zorn
- Re: [abfab] charter take 2 Klaas Wierenga
- Re: [abfab] charter take 2 Glen Zorn
- Re: [abfab] charter take 2 Leif Johansson
- Re: [abfab] charter take 2 Sam Hartman
- Re: [abfab] charter take 2 Sam Hartman
- Re: [abfab] charter take 2 Klaas Wierenga
- Re: [abfab] charter take 2 Dave CROCKER
- Re: [abfab] charter take 2 Nicolas Williams
- Re: [abfab] charter take 2 Sam Hartman
- Re: [abfab] charter take 2 Dave CROCKER
- Re: [abfab] charter take 2 Sam Hartman
- Re: [abfab] charter take 2 Dave CROCKER
- Re: [abfab] charter take 2 Leif Johansson
- Re: [abfab] charter take 2 Nicolas Williams