Is your suggestion that there is a better existing working group, or to
establish one through the BOF process? We are interested both in
leveraging at the application layer an authentication context
established by TLS between A and B (as opposed to relying on an SSO
assertion from C to B that C has authenticated A), and in carrying A's
authorization-related attributes (pre-signed by C) within that context.
I was aware of this discussion only because it came to TLS, and would
welcome a pointer to the right forum.
From: Sam Hartman
Sent: Thursday, February 12, 2009 5:40 PM
To: Josh Howlett
Cc: Hannes Tschofenig; tls(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Subject: Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07
For these reasons I support the publication of a standard in this
space. I don't object to this work going to the TLS working group
1) it is within their current charter
2) They commit to do the work and have sufficient energy to move it
I do object to moving the discussion of whether to solve this problem
to the TLS working group. I don't think that is the right forum: the
TLS working group does not collect the people who would
benefit from this work.
Ietf mailing list