RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

"Josh Howlett" <Josh.Howlett@ja.net> Sat, 14 February 2009 22:22 UTC

Date: Sat, 14 Feb 2009 22:22:33 -0000
From: Josh Howlett <Josh.Howlett@ja.net>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Melinda Shore <mshore@cisco.com>
Cc: Josh Howlett <Josh.Howlett@ja.net>, ietf@ietf.org

Hi Hannes,

> My fear about SAML in TLS was a history like the following one: 
> * Hmmm. SAML becomes popular. We should put it in every protocol. 
> * There isn't an extension for TLS defined yet. Let's do it. 
> * Now, let's search for the problems it could solve. 

If the argument that you're making is that injecting authorisation at
the same level of the stack (TLS, whatever) is not appropriate for all
applications, then I agree 100%.

My assertion was that applications should ideally share the same
/mechanism/. This does not imply action at the same point of the stack.

> >> The reason for the success of these IdM solutions, particularly 
> >> OpenID.
> >
> >(Well - OpenID has been a flop in my opinion. It has its 
> uses, but not 
> >very interesting ones. But I digress...)
> 
> There are different camps, without doubt. Just to point you 
> to one other opinion -- Jeff Schiller's weblog I recently discovered:
> http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/

I disagree with his sentiments. While I emphasise his frustration at
'policy wonking', that is - unfortunately - where the important problems
are, if you want to do anything non-trivial. Anyone who thinks that
Internet identity is simply a technology problem is doomed to re-invent
SAML, poorly. 

best regards, josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG