[SECMECH] AAA requirement for middleware

Josh Howlett <Josh.Howlett@bristol.ac.uk> Fri, 24 June 2005 10:07 UTC

Date: Fri, 24 Jun 2005 11:05:34 +0100 (BST)
From: Josh Howlett <Josh.Howlett@bristol.ac.uk>
X-X-Sender: bujfxh@shark.cse.bris.ac.uk
To: secmech@ietf.org
Message-ID: <Pine.GSO.4.44.0506232014570.2267-100000@shark.cse.bris.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: [SECMECH] AAA requirement for middleware

Cross-realm AAA over RADIUS is growing extremely rapidly in my
environment (UK & European academic networking); for example, see
http://www.eduroam.org. This is being driven by an inter-Campus national
and international roaming requirement.

There is growing interest in re-using this infrastructure for
cross-realm Middleware functionality for other applications (thereby
providing similar functionality to M/W architectures such as

However, there are no available means to provide an equivalent degree
of security as that provided by tunnelled EAP methods over EAPOL.

To a naive observer, it seems that what is required is a means of
encapsulating EAP in-band over TCP for application protocols. There is
a proposal from Funk et al (TLS/IA) to implement this within the TLS
handshake. Something of this ilk - perhaps ideally an EAP over SASL
mechanism - would be very welcome.

best regards, josh.

Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: josh.howlett@bris.ac.uk

SECMECH mailing list
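The post asks for EAP carried in-band over TCP and routed across realms. The following is an added example (not from the post, eduroam, or any cited proposal) showing why EAP's own header makes that feasible: it parses RFC 3748 EAP packets straight off a byte stream, using the Length field to delimit them and rejecting malformed headers instead of resynchronising, and extracts the NAI realm from an Identity response for cross-realm routing. The sample stream and the identity `alice@example.ac.uk` are constructed.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple
# EAP header per RFC 3748: Code(1) Identifier(1) Length(2, big-endian, includes header),
# then Type(1) and Type-Data for Request/Response only. Code 1=Request 2=Response 3=Success 4=Failure.
EAP_CODES = {1, 2, 3, 4}

@dataclass
class EapPacket:
    code: int
    identifier: int
    eap_type: Optional[int]  # None for Success/Failure, which carry no Type octet
    data: bytes

def parse_eap_stream(buf: bytes) -> Tuple[List[EapPacket], bytes]:
    """Pull complete EAP packets off a TCP byte stream; return (packets, unconsumed tail)."""
    packets: List[EapPacket] = []
    while len(buf) >= 4:
        code, ident, length = struct.unpack("!BBH", buf[:4])
        if code not in EAP_CODES or length < 4:
            raise ValueError(f"malformed EAP header code={code} length={length}")
        if length > len(buf):
            break  # partial packet: keep the tail and wait for more stream bytes
        body = buf[4:length]
        if code in (1, 2):
            if not body:
                raise ValueError("Request/Response lacks the Type octet")
            packets.append(EapPacket(code, ident, body[0], body[1:]))
        else:
            if body:
                raise ValueError("Success/Failure must not carry a payload")
            packets.append(EapPacket(code, ident, None, b""))
        buf = buf[length:]
    return packets, buf

def nai_realm(identity: bytes) -> Optional[str]:
    """Realm of an NAI (user@realm) used to route a cross-realm request; None if no realm."""
    text = identity.decode("utf-8")
    if "@" not in text:
        return None
    realm = text.rsplit("@", 1)[1].lower()
    if not realm or not all(c.isalnum() or c in ".-" for c in realm):
        raise ValueError("malformed realm in NAI")
    return realm

# Constructed sample stream: Identity Request, Identity Response carrying an NAI, Success,
# then the header of a packet whose payload has not arrived yet.
NAI = b"alice@example.ac.uk"  # constructed identity, not a real user
SAMPLE = (bytes([1, 7, 0, 5, 1]) + bytes([2, 7, 0, 5 + len(NAI), 1]) + NAI
          + bytes([3, 8, 0, 4]) + bytes([1, 9, 0, 20]))
```

Calling `parse_eap_stream(SAMPLE)` yields three complete packets and returns the 4-byte header of the unfinished fourth as the tail to be prepended to the next read.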