IETF Logo Mail Archive

Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch

David Chadwick <d.w.chadwick@kent.ac.uk> Mon, 23 September 2013 06:48 UTC

Return-Path: <d.w.chadwick@kent.ac.uk>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 882F411E81AC for <abfab@ietfa.amsl.com>; Sun, 22 Sep 2013 23:48:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id azD6Y292fkrW for <abfab@ietfa.amsl.com>; Sun, 22 Sep 2013 23:48:28 -0700 (PDT)
Received: from mx3.kent.ac.uk (mx3.kent.ac.uk [129.12.21.34]) by ietfa.amsl.com (Postfix) with ESMTP id 81FB511E81A7 for <abfab@ietf.org>; Sun, 22 Sep 2013 23:48:24 -0700 (PDT)
Received: from 252.1.125.91.dyn.plus.net ([91.125.1.252] helo=[192.168.1.68]) by mx3.kent.ac.uk with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.72) (envelope-from <d.w.chadwick@kent.ac.uk>) id 1VNzwQ-0007KP-Kc; Mon, 23 Sep 2013 07:48:18 +0100
Message-ID: <523FE430.4040106@kent.ac.uk>
Date: Mon, 23 Sep 2013 07:48:16 +0100
From: David Chadwick <d.w.chadwick@kent.ac.uk>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Jim Schaad <ietf@augustcellars.com>
References: <tsl61ug7n72.fsf@mit.edu> <052301ceb814$54e4caa0$feae5fe0$@augustcellars.com>
In-Reply-To: <052301ceb814$54e4caa0$feae5fe0$@augustcellars.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: abfab@ietf.org, 'Sam Hartman' <hartmans-ietf@mit.edu>
Subject: Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 06:48:33 -0000

Apologies from me as well Sam, here are my comments on 
draft-ietf-abfab-arch-07.txt

Technical

Section 1.
i) Data Minimization and User Participation: "There is currently no 
direct client participation in this decision." (i.e. release of identity 
attributes). We should say at this juncture that this is a major 
deficiency in existing federated systems, since the user does not have 
full consent or control over which of his identity attributes are 
released. This should be fixed in Abfab

ii) Section 1.1.1
Authenticator should be defined before it is used.

iii) I dont buy into your whiteboard example of single entity 
authentication, because a hacked whiteboard could trick the user into 
opening the wrong file, which could be disasterous during an important 
business meeting. SO mutual authentication is needed here as well. If 
you want an example where mutual authentication is not important, its 
one where either the information being accessed is of very little value 
to the accessor so that it does not matter if it is erroneous 
information or not, or one where it does not matter who the accessor is 
i.e. its public information.



Editorials

Section 1
the Relying Party know specific -> the Relying Party to know specific

Section 1.1
the document uses either a the ABFAB term -> the document uses either 
the ABFAB term
The table should be labelled "Table 1. Terminology"

Section 1.4
a SAML Attribute Requests -> a SAML Attribute Request

Section 2.1.3
to validate theg identities -> to validate the identities
The trust mechanism must to ensure that -> The trust mechanism must 
ensure that
An RP can submit a request directly to a federation. -> An RP can submit 
a request directly to the correct federation.
information about given a IdP -> information about a given IdP

regards

David

On 23/09/2013 05:21, Jim Schaad wrote:
> My apologies for not getting these out in last call.
> One of these (the re-authentication section comment) is serious enough that
> I believe it needs to be resolved prior to sending the document on.
>
>
> Section 1.1.1
>
> old: Typically when considering channel binding
>
> new:
>
> Typicially when considering both EAP and GSS-API channel binding
>
> [JLS] done
>
> Later in the white board example
> channel binding should be GSS-API channel binding
>
> [JLS]  I don't understand this.   The two sentences which talk about the
> whiteboard do not have the phrase channel binding in them.  The next
> sentence would seem to apply to either GSS-API or EAP channel binding.
> Which sentence did you think should be changed?
>
> Section 2.3.3
>
> This is unlikely to survive IETF last call unchallenged.
>
> [JLS] Quite correct - this should say - please present your authentication
> token
>
> ...
>
>            <t>
>              There are circumstances where the server will want to have the
> client re-authenticate itself.
>              These include very long sessions, where the original
> authentication is time limited or cases where in order to complete an
> operation a different authentication is required.
>              GSS-EAP does not have any mechanism for the server to initiate a
> re-authentication as all authentication operation start from the client.
>              If a protocol using GSS-EAP needs to support re-authentication
> that is initiated by the server, then a request from the server to the
> client for the re-authentication to start needs to be placed in the
> protocol.
>            </t>
>            <t>
>              Clients can re-use the existing secure connection established by
> GSS-API to run the new authentication in by calling GSS_Init_sec_context.
>              At this point a full re-authentication will be done.
>            </t>
>
> What do you think needs to be added to this?
>
> Section 3.4
>
> old: shared private key
> new: shared session key
>
> [JLS] - Fixed
>
> Section 2.2.2 refers to sectian 6.1 for a description of GSS-API channel
> binding; that seems wrong
>
> [JLS] Section 6 has disappeared - so I am killing that portion of the
> section.
>
>> -----Original Message-----
>> From: abfab-bounces@ietf.org [mailto:abfab-bounces@ietf.org] On Behalf
>> Of Sam Hartman
>> Sent: Wednesday, September 04, 2013 6:04 AM
>> To: abfab@ietf.org
>> Subject: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch
>>
>> Sent from wrong address.
>>
>
>
> _______________________________________________
> abfab mailing list
> abfab@ietf.org
> https://www.ietf.org/mailman/listinfo/abfab
>

v2.23.0 | Report a Bug | By Email