EKR's note seems to have sparked discussions in the right direction.
When he and I talked about the upcoming BOF, I had asked him to start
this conversation so that we could drill down to what a potential
working group might work on and give some structure to the BOF.

Here's what I have in mind:

There are folks with assorted ideas about what problems need to be
solved and what sorts of solutions need to be applied. I think EKR's
message did most of the leg work of separating out the problem
spaces. IMO many of the problems can be addressed by separate
independent mechanisms that fit together (i.e., they don't require "a
grand solution"). My desire is to have the BOF break out these
mechanisms and see if we can come up with a list of what problems a
working group would solve. Here's a list of questions to guide the
endeavor. I expect anyone who wants to propose a problem and/or
solution to be able to say how their proposal answers these questions:

- What problem does this address that isn't addressed by a local
"keychain" or information database on the client? (For example,
possible answers include: "The problem of not having to change the
local user agent" and "The problem of portability".) What's the
downside if we don't solve those problems?
- Does the mechanism use or extend currently deployed web
authentication mechanisms (client side and server side)? If not, why
not?
- Is the client able to decide which identifying information goes to
the server?
- Does the mechanism involve 3rd parties for authentication or
identifying info? Does the 3rd party need to be trusted by the
relying party?
- Does the mechanism use a format for the information that has widely
available implementations?
- Are you using a mechanism to authenticate the information that has
widely available implementations?

I'll probably have more questions, but these are along the lines of
the ones you should be thinking about. Answers to these here on the
list will help me formulate agenda items. (Note that I have framed
these as implementation questions and not architectural ones.
However, keep in mind that the answers you give have serious
architectural implications.)

pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102