[abfab] Protocol Action: 'A GSS-API Mechanism for the Extensible Authentication Protocol' to Proposed Standard (draft-ietf-abfab-gss-eap-09.txt)
The IESG <iesg-secretary@ietf.org> Tue, 28 August 2012 19:18 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Date: Tue, 28 Aug 2012 12:18:03 -0700
Cc: abfab mailing list <abfab@ietf.org>, abfab chair <abfab-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'A GSS-API Mechanism for the Extensible Authentication Protocol'
  (draft-ietf-abfab-gss-eap-09.txt) as Proposed Standard

This document is the product of the Application Bridging for Federated Access Beyond web Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-abfab-gss-eap/

Technical Summary

This document defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (GSS-API) when using the EAP mechanism. Through the GS2 family of mechanisms, these protocols also define how Simple Authentication and Security Layer (SASL, RFC 4422) applications use the Extensible Authentication Protocol.

Working Group Summary

As "usual" with I-Ds with lots of technical content in the security area (especially true for GSS-related stuff) there are fewer reviews than one might want. This document is no better or worse than most in this respect.

Sam Hartman (an author) had this concern during IETF LC that I'd like to check with the IESG to make sure we're ok with this document progressing now:

"EAP (RFC 3748) has an applicability statement scoped very strictly to network access. This document provides a mechanism that falls well outside that applicability statement and permits the use of EAP for general application authentication. When ABFAB was chartered, there was a charter item to update the EAP applicability statement. I think a number of people in the room at the BOF, including myself, would have objected to the work being chartered had that charter item not been present. I think that work is important because I believe there are a number of important concerns that apply to the use of EAP for authentication beyond network access that need to be documented. Unfortunately, the technical specification has gotten ahead of the applicability statement update.

I'm OK with that provided that we're still firmly committed to an applicability statement update. As part of approving this document now, I want to confirm that we have consensus at least within the ABFAB working group and the IESG to do that update. If there is any doubt I'd far prefer that this document be held until the applicability statement catches up."

Document Quality

There is one implementation (moonshot project) that spans multiple platforms. To our knowledge no other implementations exist or are planned. The one implementation has seen quite a bit of testing though, especially for the GSS-layer, since lots of open-source applications have been modified to support ABFAB/GSS-EAP using moonshot.

Personnel

Leif Johansson is shepherding (co-chair)
Stephen Farrell (AD)