Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07
Sam Hartman <hartmans-ietf@mit.edu> Thu, 12 February 2009 22:39 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF9743A696D; Thu, 12 Feb 2009 14:39:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E5rVLj390nC5; Thu, 12 Feb 2009 14:39:49 -0800 (PST)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) by core3.amsl.com (Postfix) with ESMTP id ED7D33A68F6; Thu, 12 Feb 2009 14:39:48 -0800 (PST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id DAF944526; Thu, 12 Feb 2009 17:39:48 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Josh Howlett <Josh.Howlett@ja.net>
Subject: Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07
References: <07d901c98d3e$0fdb9f70$0201a8c0@nsnintra.net> <C5B9DD87.327A%mshore@cisco.com> <081b01c98d46$d8c731d0$0201a8c0@nsnintra.net> <6ED388AA006C454BA35B0098396B9BFB04CD3CC5@uxsrvr20.atlas.ukerna.ac.uk>
Date: Thu, 12 Feb 2009 17:39:48 -0500
In-Reply-To: <6ED388AA006C454BA35B0098396B9BFB04CD3CC5@uxsrvr20.atlas.ukerna.ac.uk> (Josh Howlett's message of "Thu, 12 Feb 2009 21:47:32 -0000")
Message-ID: <tsleiy3wa8b.fsf@live.mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Melinda Shore <mshore@cisco.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, tls@ietf.org, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2009 22:39:50 -0000
>>>>> "Josh" == Josh Howlett <Josh.Howlett@ja.net> writes: Josh> I have a long list of applications, collected from within Josh> this community, with which they would like to use SAML-based Josh> authorisation; and it seems to me that the ability for Josh> application protocols to share a common mechanism for Josh> expressing authorisation would mitigate or perhaps even Josh> avoid the need to make application-specific authorisation Josh> extensions. The Kerberos community has many years of experience that within an infrastructure, carrying authorizations in-band has been useful and has reduced the effort required to fit an application into a larger infrastructure. Sometimes it reduces implementation cost in that sometimes libraries can automatically handle some aspects of authorization. Mor often, it reduces the cost of specifying a protocol or adapting a protocol that was not intended to work within a given infrastructure to working within the infrastructure. In many cases, authorization handling becomes a matter for client libraries and the server implementation, requiring little if any effort from the client application or any changes to the client->server protocol. As a result, it becomes significantly easier to expand the authorization system. To a large extent, it becomes a matter of updating the infrastructure, and updating only one side of the application. That is a huge savings in deployment and software engineering complexity. I would expect that SAML infrastructures could see similar benefits. For these reasons I support the publication of a standard in this space. I don't object to this work going to the TLS working group provided that 1) it is within their current charter 2) They commit to do the work and have sufficient energy to move it forward quickly. I do object to moving the discussion of whether to solve this problem to the TLS working group. I don't think that is the right forum: the TLS working group does not collect the people who would benefit from this work.
- TLS WG Chair Comments on draft-ietf-tls-authz-07 Eric Rescorla
- Re: TLS WG Chair Comments on draft-ietf-tls-authz… Michael StJohns
- RE: TLS WG Chair Comments on draft-ietf-tls-authz… Powers Chuck-RXCP20
- Re: TLS WG Chair Comments on draft-ietf-tls-authz… Melinda Shore
- Re: TLS WG Chair Comments on draft-ietf-tls-authz… Tim Polk
- Re: TLS WG Chair Comments on draft-ietf-tls-authz… SM
- TLS WG Chair Comments on draft-ietf-tls-authz-07 Eric Rescorla
- RE: TLS WG Chair Comments on draft-ietf-tls-authz… Hallam-Baker, Phillip
- Re: TLS WG Chair Comments on draft-ietf-tls-authz… Steven M. Bellovin
- Re: [TLS] TLS WG Chair Comments on draft-ietf-tls… Alfred Hönes
- Re: [TLS] TLS WG Chair Comments on draft-ietf-tls… Angelos D. Keromytis
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Hannes Tschofenig
- Re: [TLS] TLS WG Chair Comments on draft-ietf-tls… Melinda Shore
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Hannes Tschofenig
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Josh Howlett
- Re: [TLS] TLS WG Chair Comments on draft-ietf-tls… Sam Hartman
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Hannes Tschofenig
- Re: [TLS] TLS WG Chair Comments on draft-ietf-tls… Peter Sylvester
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Josh Howlett
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Josh Howlett
- RE: TLS WG Chair Comments on draft-ietf-tls-authz… Pasi.Eronen
- Re: [TLS] TLS WG Chair Comments on draft-ietf-tls… Melinda Shore
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Kemp, David P.
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Kemp, David P.
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Hannes Tschofenig
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Hannes Tschofenig
- RE: [TLS] TLS WG Chair Comments on draft-ietf-tls… Josh Howlett