Re: Last Call: draft-ietf-kitten-gssapi-naming-exts (GSS-API Naming Extensions) to Proposed Standard

2010-07-28 01:43:17
On Mon, Jul 12, 2010 at 05:23:16PM -0400, Sam Hartman wrote:
> Recently I've tried to use draft-ietf-kitten-gssapi-naming-exts in the
> design of a GSS-API mechanism.
> I think this is a good start but is not quite done yet.

I agree.  I'm not sure whether it's best to proceed to publication then
later publish another RFC, or if it'd be best to cancel the IETF LC and
improve this I-D.

> draft-hartman-gss-eap-naming-00 discusses a couple of problems with
> naming extensions:
>
> * The format of attribute names proposed in this specification is
>   incompatible with several of the things you'd like to name, in my case
>   including SAML attributes.
> * The description of how to name SAML attributes currently in the
>   document is inconsistent with the SAML base specification
> * The approach of naming things like SAML attributes entirely with a
> * The approach of letting a mechanism create authenticated attributes
>   with an arbitrary URI makes the application's life really hard

One or more of your bullet points is incomplete, Sam.

> In addition, there is no way to get the identity of the issuer of a name
> attribute.

This is a big deal, IMO.

> I've discussed these concerns with one of the authors, Nico Williams. I
> have also requested time to present my concerns at the kitten meeting at
> IETF 78.

We should definitely discuss this next week.

> I'm happy to help resolve these concerns up to and including becoming an
> author of the document and writing significant text.

I think that's a good idea, however I'll let my co-author comment on
this as well, given that he's the primary author now :)

Nico