Re: [ldapext] OATH-LDAP as ldapext WG item?

Simo Sorce <idra@samba.org> Fri, 27 November 2015 15:06 UTC

Message-ID: <1448636792.4732.32.camel@samba.org>
From: Simo Sorce <idra@samba.org>
To: Michael Ströder <michael@stroeder.com>, Petr Spacek <pspacek@redhat.com>, ldapext@ietf.org
Date: Fri, 27 Nov 2015 10:06:32 -0500
In-Reply-To: <5655D502.8080103@stroeder.com>
References: <565478FA.6050502@stroeder.com> <5655C3A9.2040402@redhat.com> <5655D502.8080103@stroeder.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ldapext/0ScgPonMQ20gQZcOpFZcnTO9Mcg>

On Wed, 2015-11-25 at 16:34 +0100, Michael Ströder wrote:
> Petr Spacek wrote:
> > On 24.11.2015 15:49, Michael Ströder wrote:
> > > Hi!
> > > 
> > > Anyone here interested in co-authoring an I-D describing OATH-LDAP (presented at LDAPcon 2015)?
> > > 
> > > Is there general interest to add this as an ldapext WG item?
> > > 
> > > I have a schema for HOTP/TOTP (see attachment) and a reference implementation for HOTP and some thoughts on operational considerations. The TOTP schema might need some small work and I have to adapt the implementation.
> > 
> > You might be interested in the HOTP/TOTP implementation which is available in the FreeIPA project. It is available in Fedora 22+ and CentOS 7.1+.
> > 
> > Related LDAP schema is on:
> > http://www.freeipa.org/page/V4/OTP/Schema
> > 
> > Feature design is on:
> > http://www.freeipa.org/page/V4/OTP
> 
> I already know this and I expected you to point me at it. ;-)
> 
> But I decided not to use it. Especially my aim is to define a non-proprietary approach useful for different vendors.

I'd be interested in understanding your point of view on what's
proprietary or not appropriate in the OTP schema FreeIPA uses.

We've put a lot of thought into how to deal with things like multimaster
replication and so on, but we'd like to improve if you see any
deficiency.

Simo.