RE: review of draft-wierenga-ietf-sasl-saml-00

"Scott Cantor" <cantor.2@osu.edu> Wed, 26 May 2010 18:41 UTC

From: Scott Cantor <cantor.2@osu.edu>
To: 'Sam Hartman' <hartmans-ietf@mit.edu>
References: <tslzkzn67n5.fsf@mit.edu> <077001cafc4b$603f0510$20bd0f30$@osu.edu> <4BFD2ECE.5020600@cisco.com> <07e801cafce5$4cf7f7b0$e6e7e710$@osu.edu> <tslvdaa4izt.fsf@mit.edu>
In-Reply-To: <tslvdaa4izt.fsf@mit.edu>
Subject: RE: review of draft-wierenga-ietf-sasl-saml-00
Date: Wed, 26 May 2010 14:41:32 -0400
Organization: The Ohio State University
Message-ID: <082501cafd03$0fe0f250$2fa2d6f0$@osu.edu>
Cc: kitten@ietf.org, moonshot-community@jiscmail.ac.uk, draft-wierenga-ietf-sasl-saml@tools.ietf.org
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>

> Scott, I'm happy to work with you to figure out if channel binding
> support is possible in your approach.

I plan to take you up on it. To ease the process of comparing the
approaches, I think it's easiest to produce a simple draft initially, which
highlights some of the issues you mentioned, but leaves things as is for the
same compatibility reasons that Klaas had. The result may be a merging of
the proposals, or not.

Related to this, for example, I'm in favor of supporting a way to tie the
SAML assertion in the response to a key at the TLS layer (holder of key via
client TLS, in other words). That's an addition to the SAML profile I'm
basing this work on, which is why I'm not starting there, to simplify the
compatibility story. I probably will go back to OASIS to get a HoK version
of the ECP profile created, and then I can just reference it.

I'm fairly far along since starting on this last night so I should have
something soon.

-- Scott
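Holder-of-key confirmation, as described in the message above, ties the assertion to a key the client proves possession of at the TLS layer. The following is an added example (not code from the draft, the OASIS ECP profile, or anyone in this thread) of the check a relying party performs: it looks for a SubjectConfirmation using the SAML 2.0 Core holder-of-key method and compares the certificate it names against the TLS peer certificate by SHA-256 fingerprint. The assertion text and the certificate bytes are constructed stand-ins, not real X.509 data, and signature validation is assumed to happen elsewhere.

```python
"""Illustrative SAML 2.0 holder-of-key (HoK) subject-confirmation check.

Added example, not from the draft or the mailing-list thread.  The assertion
and the "certificate" bytes below are constructed placeholders.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Confirmation method URIs from SAML 2.0 Core / Profiles.
HOK_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CLIENT_CERT_DER = b"constructed-der-bytes-for-client-cert"
OTHER_CERT_DER = b"constructed-der-bytes-for-some-other-cert"


def build_assertion(cert_der: bytes, method: str = HOK_METHOD) -> str:
    """Return a minimal, unsigned, constructed assertion whose single
    SubjectConfirmation uses `method` and names `cert_der` in ds:KeyInfo."""
    b64 = base64.b64encode(cert_der).decode("ascii")
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    ID="_constructed" Version="2.0" IssueInstant="2010-05-26T18:41:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="{method}">
      <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{b64}</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER blob, hex-encoded."""
    return hashlib.sha256(der).hexdigest()


def hok_confirmed(assertion_xml: str, peer_cert_der: bytes) -> bool:
    """True iff some holder-of-key SubjectConfirmation names a certificate
    whose fingerprint matches the TLS peer certificate.

    Bearer and sender-vouches confirmations are ignored: a certificate listed
    under those methods does not bind the assertion to the presenter's key.
    Signature validation, issuer checks and time-window checks are assumed to
    have been done already, outside this example.
    """
    root = ET.fromstring(assertion_xml)
    peer_fp = fingerprint(peer_cert_der)
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK_METHOD:
            continue
        for cert_el in sc.findall(".//ds:X509Certificate", NS):
            try:
                der = base64.b64decode((cert_el.text or "").strip(), validate=True)
            except ValueError:
                continue  # malformed KeyInfo entry: treat as non-matching
            if fingerprint(der) == peer_fp:
                return True
    return False


if __name__ == "__main__":
    print(hok_confirmed(build_assertion(CLIENT_CERT_DER), CLIENT_CERT_DER))  # True
    print(hok_confirmed(build_assertion(OTHER_CERT_DER), CLIENT_CERT_DER))   # False
```

The design point is that the comparison is keyed on the confirmation method: the same certificate under a bearer confirmation is not accepted, because only holder-of-key asserts that the presenter must prove possession of that key. A production relying party would compare the public key from a parsed certificate rather than the raw DER, so that a re-issued certificate for the same key still confirms.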