[kitten] New Draft: Open Password Automation Recipe (OPAR) Protocol

Branden Williams <brw@brandenwilliams.com> Tue, 26 September 2017 16:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/GCDHCTC7T2Xg9-27DwLMbn6YNxw>

Good day!

I’m happy to announce my first I-D submission here: https://tools.ietf.org/html/draft-bwilliams-kitten-opar-00

Problem Description:

There is no standard way for a Password Manager (1Password, LastPass, etc.) to understand what constitutes a compliant password on a site-to-site basis. Oftentimes, the format that it suggests does not comply with the website’s password policy (wrong special characters, wrong length, wrong count of upper v. lower v. numbers). The attached proposal attempts to solve this by allowing website owners to embed their password policy programmatically into a JSON object that a password manager can read to automatically suggest a strong and compliant password. This would promote usability of password managers as well as improve the user experience. (Note: I do not work for any company that creates a password manager.)

Success:

Publication of this doc as a Proposed Standard. This would allow website owners to programmatically describe compliant passwords so password managers can suggest, transmit, and store the maximum strength compliant password possible for the website. Ideally, all developers that build password managers could implement the standard to improve their user experience. This could potentially also improve user experience for those with ADA (or non-US equivalent) requirements.

Discussion:

Please discuss here on kitten@ietf.org! As this is my first submission, I am open to any and all comments.

Regards,

Branden R. Williams, DBA, CISSP, CISM

brw@brandenwilliams.com

Phone: +1 (214) 727-8227

http://www.brandenwilliams.com/
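
The flow described in the message, where a password manager reads a site's machine-readable policy and suggests the strongest compliant password, as an added example that is not part of the original post or of the OPAR draft. The JSON field names and the sample policy are hypothetical and constructed for illustration; they are not the draft's schema.

```python
import json
import secrets
import string

# Constructed sample; field names are hypothetical, not the OPAR draft's schema.
SAMPLE_POLICY = json.loads("""{
  "min_length": 12, "max_length": 20, "allowed_special": "!@#$%",
  "min_upper": 2, "min_lower": 2, "min_digits": 2, "min_special": 1
}""")

def char_classes(policy):
    """Map each hypothetical minimum-count field to the characters that satisfy it."""
    return {
        "min_upper": string.ascii_uppercase,
        "min_lower": string.ascii_lowercase,
        "min_digits": string.digits,
        "min_special": policy.get("allowed_special", ""),
    }

def generate_password(policy):
    """Return the longest password the policy permits, drawn from the OS CSPRNG."""
    classes = char_classes(policy)
    length = policy["max_length"]
    required = sum(policy.get(key, 0) for key in classes)
    if length < policy["min_length"] or required > length:
        raise ValueError("policy cannot be satisfied")
    chars = []
    for key, alphabet in classes.items():
        need = policy.get(key, 0)
        if need and not alphabet:
            raise ValueError(f"{key} is set but no such characters are allowed")
        chars += [secrets.choice(alphabet) for _ in range(need)]
    pool = "".join(classes.values())
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # do not leave required characters up front
    return "".join(chars)

def complies(password, policy):
    """Validate a candidate the way the site would: length, alphabet, minimum counts."""
    classes = char_classes(policy)
    return (
        policy["min_length"] <= len(password) <= policy["max_length"]
        and set(password) <= set("".join(classes.values()))
        and all(sum(c in alphabet for c in password) >= policy.get(key, 0)
                for key, alphabet in classes.items())
    )
```

A contradictory policy (minimums exceeding the maximum length, or a required class with no allowed characters) raises `ValueError` instead of silently producing a password the site would reject.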