RE: Bar Bof on Federated Authentication Thursday at 9 PM during IETF week

"Thomas Hardjono" <ietf@hardjono.net> Wed, 10 March 2010 21:18 UTC

> -----Original Message-----
> From: kitten-bounces@ietf.org [mailto:kitten-bounces@ietf.org] On Behalf Of Phillip Hallam-Baker
> Sent: Wednesday, March 10, 2010 8:05 AM
> To: Melinda Shore
> Cc: emu@ietf.org; Glen Zorn; kitten@ietf.org; moonshot-community@jiscmail.ac.uk; Sam Hartman; ietf@ietf.org
> Subject: Re: Bar Bof on Federated Authentication Thursday at 9 PM during IETF week
> 
> Last time we had a BOF on that subject matter we had people with the
> bizarre notion that the user interface should be excluded from work on
> user authentication. I don't care if usability is outside people's
> comfort zone, if any group is going to be chartered in this space it
> should be required to address usability issues or we are better off
> without it.

If I understand the draft and motivations behind it correctly,
I think a large part of the proposal (draft-howlett-eap-gss)
is to develop machine-to-machine federated identity (and authentication).
Which is why RADIUS is involved (as it is a common directory
infra in many organizations) and SAML Request/Response used
to carry authz info.

So, I'm not sure that "user interface" is relevant here.
GSSAPI is the suggested API for applications.

Or did I read the wrong draft... :)

/thomas/