RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07
"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Thu, 12 February 2009 22:49 UTC
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: 'Josh Howlett' <Josh.Howlett@ja.net>, 'Melinda Shore' <mshore@cisco.com>
Date: Fri, 13 Feb 2009 00:50:34 +0200
Cc: tls@ietf.org, ietf@ietf.org

Hi Josh,

>Hannes wrote:
>> Melinda wrote:
>> >
>> > and that there are
>> > some non-trivial advantages to carrying authorizations in-band.
>> Namely...
>
>I don't wish to speak for Melinda, but this is a view shared
>by many within my own community.
>
>I have a long list of applications, collected from within this
>community, with which they would like to use SAML-based
>authorisation;

Interesting. Any interest to share it with us?

>and it seems to me that the ability for
>application protocols to share a common mechanism for
>expressing authorisation would mitigate or perhaps even avoid
>the need to make application-specific authorisation extensions.

My experience: authorization is often related to the specific application domain. Furthermore, working on SIP SAML I noticed the problems when you go down to specific solutions scenarios.

>(The fact that SAML-based Web SSO uses SAML that is bound to
>the application-layer is, I believe, only an artifact of a
>requirement to avoid modifying contemporary Web browsers and I
>don't think it is an approach that would necessarily be
>desirable for the general case.)

... a reasonable transition plan, in my view. The reason for the success of these IdM solutions, particularly OpenID.

>Binding authorisation to TLS, as suggested by this document,
>is one approach that would satisfy the 'common mechanism'
>requirement indicated previously.

Looking forward to see your solutions.

Ciao
Hannes

>
>josh.
>
>JANET(UK) is a trading name of The JNT Association, a company
>limited by guarantee which is registered in England under No.
>2881024 and whose Registered Office is at Lumen House, Library
>Avenue, Harwell Science and Innovation Campus, Didcot,
>Oxfordshire. OX11 0SG
>