[Isms] SSHSM RADIUS Integration draft (draft-narayan-isms-sshsm-radius-01.txt) submitted
"Kaushik Narayan \(kaushik\)" <kaushik@cisco.com> Wed, 14 March 2007 19:20 UTC
Return-path: <isms-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HRZ1P-0001qv-Md; Wed, 14 Mar 2007 15:20:27 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HRZ1O-0001qq-Ko for isms@ietf.org; Wed, 14 Mar 2007 15:20:26 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HRZ1N-0001Jl-66 for isms@ietf.org; Wed, 14 Mar 2007 15:20:26 -0400
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 14 Mar 2007 12:20:24 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id l2EJKONt025141; Wed, 14 Mar 2007 12:20:24 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l2EJKNZd004202; Wed, 14 Mar 2007 19:20:24 GMT
Received: from xmb-sjc-22d.amer.cisco.com ([128.107.191.68]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 14 Mar 2007 12:20:21 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 14 Mar 2007 12:20:18 -0700
Message-ID: <618694EF0B657246A4D55A97E38274C30325ECA6@xmb-sjc-22d.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: SSHSM RADIUS Integration draft (draft-narayan-isms-sshsm-radius-01.txt) submitted
Thread-Index: Acdmbc1EfazkBdlySeOyq4YZUbSbAw==
From: "Kaushik Narayan (kaushik)" <kaushik@cisco.com>
To: isms@ietf.org
X-OriginalArrivalTime: 14 Mar 2007 19:20:21.0444 (UTC) FILETIME=[CF0B4840:01C7666D]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=4240; t=1173900024; x=1174764024; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=kaushik@cisco.com; z=From:=20=22Kaushik=20Narayan=20\(kaushik\)=22=20<kaushik@cisco.com> |Subject:=20SSHSM=20RADIUS=20Integration=20draft=20(draft-narayan-isms-ss hsm-radius-01.txt)=20submitted=20 |Sender:=20; bh=LioRZdph18n96mpuSHYoqUab/EaCOLJlv1zKoVh5hX8=; b=u9axiuRhFLgKRqyGGiYhmQuW6sBQ8UZhn0n2tKlD9DH/NKkNSq5TYGuWj3D+BJ9eFtdFGOQ2 r8Ij4rWMuFGeAE6neN5oC0cSzQK/BnkIHVFhFTZBGJYKyuecS58AiISk;
Authentication-Results: sj-dkim-2; header.From=kaushik@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 5011df3e2a27abcc044eaa15befcaa87
Cc:
Subject: [Isms] SSHSM RADIUS Integration draft (draft-narayan-isms-sshsm-radius-01.txt) submitted
X-BeenThere: isms@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isms>
List-Post: <mailto:isms@lists.ietf.org>
List-Help: <mailto:isms-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0041479747=="
Errors-To: isms-bounces@lists.ietf.org
Hi All, The RADIUS integration draft for SSHSM has been submitted to the drafts directory. The draft specifies details how RADIUS could be used as an authentication and authorization mechanism for SSHSM. This draft currently describes two approaches for integration of authorization information returned from the RADIUS server. a. Receive authorization information along with authentication request (traditional RADIUS model) & cache authorization information within TMSM. Augment VACM in an implementation-dependent fashion to fetch authorization parameters from TMSM (using tmStateReference). b. Define a new access control model that can issue direct RADIUS authorize-only requests to fetch authorization information on demand. This approach will also require the use of the TMSM cache to store the RADIUS state attribute. The draft does not elaborate on the details of such an access control model. We need further discussion within the WG on the two approaches and whether we need to elaborate on both. regards, David Nelson & Kaushik Narayan
_______________________________________________ Isms mailing list Isms@lists.ietf.org https://www1.ietf.org/mailman/listinfo/isms
- [Isms] SSHSM RADIUS Integration draft (draft-nara… Kaushik Narayan (kaushik)
- RE: [Isms] SSHSM RADIUS Integration draft(draft-n… David Harrington
- RE: [Isms] SSHSM RADIUS Integrationdraft(draft-na… David B. Nelson
- RE: [Isms] SSHSM RADIUSIntegrationdraft(draft-nar… David Harrington
- Re: [Isms] SSHSM RADIUSIntegrationdraft(draft-nar… Eliot Lear
- RE: [Isms] SSHSM RADIUSIntegrationdraft(draft-nar… David Harrington
- RE: [Isms] SSHSMRADIUSIntegrationdraft(draft-nara… Kaushik Narayan (kaushik)
- Re: [Isms] SSHSM RADIUSIntegrationdraft(draft-nar… Eliot Lear
- Re: [Isms] SSHSMRADIUSIntegrationdraft(draft-nara… Juergen Schoenwaelder
- Re: [Isms] SSHSMRADIUSIntegrationdraft(draft-nara… Eliot Lear
- Re: [Isms] SSHSMRADIUSIntegrationdraft(draft-nara… Juergen Schoenwaelder
- RE: [Isms]SSHSMRADIUSIntegrationdraft(draft-naray… David Harrington
- RE: [Isms]SSHSMRADIUSIntegrationdraft(draft-naray… Kaushik Narayan (kaushik)
- Re: [Isms]SSHSMRADIUSIntegrationdraft(draft-naray… Juergen Schoenwaelder
- RE: [Isms]SSHSMRADIUSIntegrationdraft(draft-naray… Fleischman, Eric
- RE: [Isms]SSHSMRADIUSIntegrationdraft(draft-naray… Kaushik Narayan (kaushik)
- RE: [Isms]SSHSMRADIUSIntegrationdraft(draft-naray… Fleischman, Eric