Re: [Ace] Offline operation of Resource Server

Rafa Marin Lopez <rafa@um.es> Mon, 14 July 2014 12:07 UTC

To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/ace/j9LzHqlM-7qnveUNsTOFZZ_D0OE
Cc: Josh Howlett <Josh.Howlett@ja.net>, Rafa Marin Lopez <rafa@um.es>, "ace@ietf.org" <ace@ietf.org>

+1.

That is also what we had in mind with our EAP/AAA solution (for bootstrapping). In fact, although not in the context of IoT, UMU has been working on bootstrapping Kerberos with EAP/AAA authentication. We think some of the ideas could still be applicable here. As Josh mentioned, we have running code.

Best Regards.


- Rafael Marin-Lopez, Fernando Pereniguez, Gabriel Lopez, and Alejandro
Perez-Mendez. Providing EAP-based Kerberos pre-authentication and
advanced authorization for network federations. Computer Standards &
Interfaces, 33(5):494-504, 2011.

- Alejandro Perez-Mendez, Fernando Pereniguez-Garcia, Rafael Marin-Lopez, and
Gabriel Lopez-Millan. Out-of-band federated authentication for Kerberos
based on PANA. Elsevier Computer Communications, 36(14):1527-1538, 2013.


On 14/07/2014, at 13:44, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Interesting point, Josh.
> 
> On 07/14/2014 01:43 PM, Josh Howlett wrote:
>> A strict requirement for offline operation need not necessarily
>> exclude an AAA/EAP solution. It is perfectly possible, for example,
>> to use GSS EAP pre-authentication to obtain a Kerberos ticket from a
>> KDC. There is running code.

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es
-------------------------------------------------------