SASL mech for SAML "Enhanced Clients" submitted

"Scott Cantor" <cantor.2@osu.edu> Thu, 27 May 2010 17:16 UTC

Return-Path: <cantor.2@osu.edu>
X-Original-To: kitten@core3.amsl.com
Delivered-To: kitten@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7423A3A6B7B; Thu, 27 May 2010 10:16:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.824
X-Spam-Level:
X-Spam-Status: No, score=-1.824 tagged_above=-999 required=5 tests=[AWL=0.775, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxHCh79YwE2R; Thu, 27 May 2010 10:16:37 -0700 (PDT)
Received: from defang19.it.ohio-state.edu (defang19.it.ohio-state.edu [128.146.216.133]) by core3.amsl.com (Postfix) with ESMTP id BA6B63A6B57; Thu, 27 May 2010 10:16:36 -0700 (PDT)
Received: from defang6.it.ohio-state.edu (defang6.it.ohio-state.edu [128.146.216.86]) by defang19.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id o4RHGPaL028357; Thu, 27 May 2010 13:16:25 -0400
Received: from SNOWDOG (SNOWDOG.dyn.cio.osu.edu [164.107.161.86]) by defang6.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id o4RHGPS8001177; Thu, 27 May 2010 13:16:25 -0400
From: Scott Cantor <cantor.2@osu.edu>
To: sasl@ietf.org, kitten@ietf.org
Subject: SASL mech for SAML "Enhanced Clients" submitted
Date: Thu, 27 May 2010 13:16:27 -0400
Organization: The Ohio State University
Message-ID: <08e001cafdc0$577e8ce0$067ba6a0$@osu.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Acr9v8V2TYDFQ2jZTIC4rmGhnCMSRg==
Content-Language: en-us
X-CanIt-Geo: ip=128.146.216.86; country=US; region=OH; city=Columbus; latitude=39.9968; longitude=-82.9882; metrocode=535; areacode=614; http://maps.google.com/maps?q=39.9968,-82.9882&z=6
X-CanItPRO-Stream: outbound
X-Scanned-By: CanIt (www . roaringpenguin . com) on 128.146.216.133
Cc: moonshot-community@jiscmail.ac.uk
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2010 17:16:38 -0000

Klaas, WGs,

My proposed SASL mechanism for SAML is here:
http://www.ietf.org/id/draft-cantor-ietf-sasl-saml-ec-00.txt

I used "EC" to differentiate it from Klaas' browser proposal.

I believe some obvious steps would be:

- address any questions about the differences between this and the browser
proposal
- consider whether to try to merge with Klaas' mechanism, proceed with both,
etc.
- obtain assistance from experts that have volunteered to incorporate
GSS-related changes or improvements
- consider how/whether to strengthen the security characteristics of the
mechanism(s)

-- Scott