Re: [dix] Agenda bashing

Eliot Lear <lear@cisco.com> Mon, 03 July 2006 07:27 UTC

Pete,
> So, from the conversation so far, these are the architectural/protocol
> issues I think need discussing at the BOF:
>
> - Discussion of the scope and number of the mechanisms. There seem to
> be desires for (1) the ability for the user to identify to the server
> (probably authenticating, preventing phishing as much as possible),
> (2) the ability to transfer user attributes to the server, (3) the
> ability to store user attributes remotely, and (4) the ability for a
> 3rd-party to warrant user attribute claims.

On point (1), in order to fix phishing, it is the server that must
properly authenticate to the user (i.e., the other way round).

>
>
> - Discussion of the pros and cons of mechanisms that involve changes
> to the user agent versus mechanisms which rely on a separate identity
> server to do all of the work without changing the user agent (e.g., DIX).
>
> - Discussion of the types of authentication mechanisms to be used. (I
> read Ben as saying it should be a general mechanism not tied to HTTP,
> Eliot and Terry as saying that the underlying mechanism should be
> common but that there should be HTTP-specific protocol, and John as
> having no interest in solving that particular problem. :-) )

The focus needs to be on commonality.  We want to avoid having to do
this for each and every protocol separately.  Using something like SASL
would be ideal.

I will not be present in Montreal, but I am very interested in the
problem space, and may propose solutions in the coming months.

Eliot
