[secdir] [New-work] WG Review: Recharter of Common Authentication Technology Next Generation (kitten)

IESG Secretary <iesg-secretary@ietf.org> Thu, 08 July 2010 21:00 UTC

A modified charter has been submitted for the Common Authentication
Technology Next Generation (kitten) working group in the Security Area of
the IETF.  The IESG has not made any determination as yet.  The modified
charter is provided below for informational purposes only.  Please send
your comments to the IESG mailing list (iesg@ietf.org) by Thursday, July
15, 2010.

Common Authentication Technology Next Generation (kitten)
Current Status: Active Working Group

Last modified: 2010-07-08


	Tom Yu <tlyu@mit.edu>
	Shawn Emery <shawn.emery@oracle.com>

Security Area Director(s):
	Tim Polk <tim.polk@nist.gov>
	Sean Turner <turners@ieca.com>

Security Area Advisor:
	Tim Polk <tim.polk@nist.gov>

Mailing Lists:
	General Discussion: kitten@ietf.org
	To Subscribe: https://www.ietf.org/mailman/listinfo/kitten

Description of Working Group:

The Generic Security Services (GSS) API and Simple Authentication and 
Security Layer (SASL) provide various applications with a security 
framework for secure network communication.  The purpose of the Common 
Authentication Technology Next Generation (Kitten) working group (WG) is 
to develop extensions/improvements to the GSS-API, shepherd specific 
GSS-API security mechanisms, and provide guidance for any new SASL-
related submissions.
This working group is chartered to specify the following extensions and 
improvements (draft-yu-kitten-api-wishlist-00) to the GSS-API:

* Provide new interfaces for credential management, which include the 
	initializing credentials
	iterating credentials
	exporting/importing credentials

* Specify interface for asynchronous calls.

* Define interfaces for better error message reporting.

* Provide a more programmer friendly GSS-API for application developers.
This could include reducing the number of interface parameters, for 
example, by eliminating parameters which are commonly used with the 
default values.

This WG is also chartered to transition proposed SASL mechanisms as
GSS-API mechanisms:

* A SASL Mechanism for OpenID
* A SASL Mechanism for SAML

The transition from SASL to GSS-API mechanisms will allow a greater set 
of applications to utilize said mechanisms with SASL implementations 
that support the use of GSS-API mechanisms in SASL (draft-ietf-sasl-

* Shepherd draft-ietf-sasl-digest-to-historic to publication.

This WG should review proposals for new SASL and GSS-API mechanisms, but
may take on work on such mechanisms only through a revision of this 
charter.  The WG should also review non-mechanism proposals related to 
SASL and the GSS-API. However, work that adds SASL or GSS-API support in 
application protocols should be handled by the application's WG.


* GSS-API: initializing credentials
[editor: TBD]

* GSS-API: iterating credentials
[editor: TBD]

* GSS-API: exporting/importing credentials
[editor: TBD]

* GSS-API: specification for asynchronous calls
[editor: TBD]

* GSS-API: interfaces/improvements for better error message reporting
[editor: TBD]

* GSS-API: programmer friendly interfaces
[editor: TBD]

* GSS-API: transition SASL mechanism for OpenID
[editor: TBD]

* GSS-API: transition SASL mechanism for SAML
[editor: TBD]

* GSS-API: publish draft-ietf-kitten-gssapi-extensions-iana
[editor: Nicolas Williams]

* GSS-API: publish draft-ietf-kitten-gssapi-naming-exts
[editor: Leif Johansson]

* SASL: publish draft-melnikov-digest-to-historic
[editor: Alexey Melnikov]

Goals and Milestones:

June 2010	Submit naming-exts to the IESG as Proposed Standard
June 2010	WGLC on gssapi-extensions-iana
July 2010	Submit gssapi-extensions-iana to the IESG as Proposed Standard
TBD             Other Listed Work Items