Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch

Rhys Smith <Smith@cardiff.ac.uk> Tue, 24 September 2013 14:59 UTC

From: Rhys Smith <Smith@cardiff.ac.uk>
To: Sam Hartman <hartmans@painless-security.com>
Date: Tue, 24 Sep 2013 14:59:37 +0000
Message-ID: <628336BC-BDDF-41A3-8A5E-C9F695BBCCC9@cardiff.ac.uk>
References: <tsl61ug7n72.fsf@mit.edu> <052301ceb814$54e4caa0$feae5fe0$@augustcellars.com> <523FE430.4040106@kent.ac.uk> <tsl61trg1jz.fsf@mit.edu> <5240AA1C.3060409@kent.ac.uk> <tsl1u4eap67.fsf@mit.edu>
In-Reply-To: <tsl1u4eap67.fsf@mit.edu>
Cc: Jim Schaad <ietf@augustcellars.com>, Sam Hartman <hartmans-ietf@mit.edu>, "<abfab@ietf.org>" <abfab@ietf.org>
Subject: Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch

On 24 Sep 2013, at 04:12, Sam Hartman <hartmans@painless-security.com> wrote:

> I do not support either change.
> I'd be comfortable adding a statement that the ABFAB architecture does
> not provide a specific way for the user to inform the IDP about the
> user's requirements for attribute releases.
> Whether that's a major deficiency depends on what you're doing.
> I agree there are cases where it is.

+1.

Deficiency is in the eye of the beholder and their use case at that moment in time. In many cases it happens to be a major problem, but it's not a fundamental deficiency.

Calling out that ABFAB doesn't provide a means for this - and making no judgement on that fact - seems like a good way to go to me.

Rhys.
--
Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet - the UK's research and education network

email: smith@cardiff.ac.uk / rhys.smith@ja.net
GPG: 0xDE2F024C