[abfab] draft-ietf-abfab-usability-considerations review
Sam Hartman <hartmans@painless-security.com> Tue, 21 July 2015 11:06 UTC
Return-Path: <hartmans@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F7151A00A8 for <abfab@ietfa.amsl.com>; Tue, 21 Jul 2015 04:06:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l3F-pRpU9yVM for <abfab@ietfa.amsl.com>; Tue, 21 Jul 2015 04:06:11 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85C491A009F for <abfab@ietf.org>; Tue, 21 Jul 2015 04:06:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id EC77C2074F for <abfab@ietf.org>; Tue, 21 Jul 2015 07:05:47 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4D8zOksXbOin for <abfab@ietf.org>; Tue, 21 Jul 2015 07:05:47 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (dhcp-9886.meeting.ietf.org [31.133.152.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS for <abfab@ietf.org>; Tue, 21 Jul 2015 07:05:47 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 21CD482120; Tue, 21 Jul 2015 07:06:08 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: abfab@ietf.org
Date: Tue, 21 Jul 2015 07:06:08 -0400
Message-ID: <tslbnf522jj.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/ewpI1KqDWfNhxsu7Myj34vXTZGw>
Subject: [abfab] draft-ietf-abfab-usability-considerations review
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2015 11:06:13 -0000
Section 3 and 6. Trust anchor is described as either being the trust anchor for a service or identity provider. In section 6 the document talks about trust anchors for servers. IN the scope of this document we only care about trust anchors for identity provider. I recommend narrowing the definition in section 3 and using more specific terminology in section 6. Section 6.1 The biggest reason we don't want to store multiple identities with a the same NAI is that by passing in a NAI to gss_acquire_creds the application can force the choice of a given NAI. Section 8: Section 8 implies that the identity selector will be in a position to decide what errors to present to the user. I don't think that's very likely to be true. The GSS application is likely to decide what errors to present to the user. The identity selector is in a position to decide what if any automated actions to take based on the error. Section 8/9 should discuss the success but useless case. That is, I am successfully authenticated and an app layer connection is accepted, but I don't have the permissions I need. Think about the case where I was hoping to be a moonshot management portal admin, but end up being a random user. I was hoping to create an organisation but all I can do is create communities. I'm not sure if it is an error or a success. I think section 8 and 9 could also do a better job of clarifying what it means for errors to be reported at different layers. For example in SASL, authorization failures will probably not come back as a GSS error, but instead either as a dropped connection or as an app-level error. --Sam