Identity Services Beyond Web SSO (was RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07)

2009-03-02 Thread Josh Howlett
Hi Hannes, Hans wrote: > Josh wrote: > > Hans wrote: > > > Josh wrote: > > > >I have a long list of applications, collected from within this > > > >community, with which they would like to use SAML-based > > > > authorisation; > > > > > > Interesting. Any interest to share it with us? > > > > I'

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-14 Thread Josh Howlett
Hi Hannes, > My fear about SAML in TLS was a history like the following one: > * Hmmm. SAML becomes popular. We should put it in every protocol. > * There isn't an extension for TLS defined yet. Let's do it. > * Now, let's search for the problems it could solve. If the argument that you're ma

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-14 Thread Hannes Tschofenig
Hi Josh, >Hi Hans, > >> >Hannes wrote: >> >> Melinda wrote: >> >> > >> >> > and that there are >> >> > some non-trivial advantages to carrying authorizations in-band. >> >> Namely... >> > >> >I don't wish to speak for Melinda, but this is a view >shared by many >> >within my own community. >>

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-14 Thread Hannes Tschofenig
ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On >Behalf Of Sam Hartman >Sent: 13 February, 2009 00:40 >To: Josh Howlett >Cc: Melinda Shore; Hannes Tschofenig; t...@ietf.org; ietf@ietf.org >Subject: Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07 > >>>>>

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-13 Thread Kemp, David P.
I too would like to figure out what the questions are. The draft is not about carrying "authorizations" in TLS, or that "The main issue with these authorization extensions inside TLS is that they happen at the wrong layer" as stated by Hannes Tschofenig. Authorization happens at the application l

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-13 Thread Kemp, David P.
ruary 12, 2009 5:40 PM To: Josh Howlett Cc: Hannes Tschofenig; t...@ietf.org; ietf@ietf.org Subject: Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07 [...] For these reasons I support the publication of a standard in this space. I don't object to this work going to the TLS wor

Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-13 Thread Melinda Shore
On 2/12/09 4:47 PM, "Josh Howlett" wrote: > I have a long list of applications, collected from within this > community, with which they would like to use SAML-based authorisation; > and it seems to me that the ability for application protocols to share a > common mechanism for expressing authorisa

RE: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-13 Thread Pasi.Eronen
Michael StJohns wrote: > I went to review the bidding on the TLS mailing list covering this > period and it appears the archives at > http://www.ietf.org/mail-archive/web/tls/current/maillist.html only > go back to the beginning of the year. Could you point me at a more > complete archive coveri

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-13 Thread Josh Howlett
Sam Hartman wrote: > The Kerberos community has many years of experience that > within an infrastructure, carrying authorizations in-band has > been useful and has reduced the effort required to fit an > application into a larger infrastructure. Just a quick plug, following Sam's comments: aug

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-13 Thread Josh Howlett
Hi Hans, > >Hannes wrote: > >> Melinda wrote: > >> > > >> > and that there are > >> > some non-trivial advantages to carrying authorizations in-band. > >> Namely... > > > >I don't wish to speak for Melinda, but this is a view shared by many > >within my own community. > > > >I have a long list o

Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Peter Sylvester
and that there are some non-trivial advantages to carrying authorizations in-band. Namely... Independence between payload and security measures. Piggybacking information on lower layers is a very old concept. https was successful over shttp. I think the patent is made by trolls. The

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Hannes Tschofenig
Hi Josh, >Hannes wrote: >> Melinda wrote: >> > >> > and that there are >> > some non-trivial advantages to carrying authorizations in-band. >> Namely... > >I don't wish to speak for Melinda, but this is a view shared >by many within my own community. > >I have a long list of applications, colle

Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Sam Hartman
> "Josh" == Josh Howlett writes: Josh> I have a long list of applications, collected from within Josh> this community, with which they would like to use SAML-based Josh> authorisation; and it seems to me that the ability for Josh> application protocols to share a common mechan

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Josh Howlett
Hannes wrote: > Melinda wrote: > > > > and that there are > > some non-trivial advantages to carrying authorizations in-band. > Namely... I don't wish to speak for Melinda, but this is a view shared by many within my own community. I have a long list of applications, collected from within this c

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Hannes Tschofenig
Hi Melinda, >On 2/12/09 1:16 PM, "Hannes Tschofenig" > wrote: >> The main issue I have been struggling with these authorization >> extensions inside TLS is that they happen at the wrong layer. > >I don't know about that - I think it really depends on how the >TLS session is being used, etc.

Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Melinda Shore
On 2/12/09 1:16 PM, "Hannes Tschofenig" wrote: > The main issue I have been struggling with these authorization extensions > inside TLS is that they happen at the wrong layer. I don't know about that - I think it really depends on how the TLS session is being used, etc. I think that the more ab

RE: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Hannes Tschofenig
Hannes >-Original Message- >From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On >Behalf Of Angelos D. Keromytis >Sent: 12 February, 2009 11:21 >To: Alfred Hönes >Cc: d...@av8.com; t...@ietf.org; ietf@ietf.org >Subject: Re: [TLS] TLS WG Chair Comments on dr

Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Angelos D. Keromytis
Alfred, neither of the cited KeyNote drafts (nor the KeyNote system itself) is patent-encumbered. However, I admit to not (yet) having paid close attention to the details of the IPR issues around tls-authz-extns itself and their potential impact to tls-authz-keynote. I have started draft-k

Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-12 Thread Alfred Hönes
At Wed, 11 Feb 2009 16:20:14 -0500 (EST), Dean Anderson wrote: > ... And as > programmer and developer, I will probably have some non-patented > alternatives to present. > > --Dean Dean, that's really laudable progress, leading

Re: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread Steven M. Bellovin
On Wed, 11 Feb 2009 16:29:05 -0800 "Hallam-Baker, Phillip" wrote: > Could I just point out here the real risk that this relevant > objection might get lost in the sea of irrelevant agitation from the > FSF supporters? > I agree. Let's move the substantive discussion to the TLS WG mailing list

RE: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread Hallam-Baker, Phillip
: TLS WG Chair Comments on draft-ietf-tls-authz-07 As chairs of the TLS Working Group, we request that the IESG not approve draft-ietf-tls-authz-07 as a Proposed Standard. This document was initially brought to the TLS WG, which passed on it due to lack of interest and it was subsequently advanced

TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread Eric Rescorla
As chairs of the TLS Working Group, we request that the IESG not approve draft-ietf-tls-authz-07 as a Proposed Standard. This document was initially brought to the TLS WG, which passed on it due to lack of interest and it was subsequently advanced as an individual submission, but IESG approval was

Re: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread SM
At 11:37 11-02-2009, Tim Polk wrote: I will rectify the situation this week and request that the TLS WG review the document to gauge interest in this area. I would be delighted to Are you requesting that the TLS WG review an Internet-Draft that expired in December 2006? Regards, -sm

Re: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread Tim Polk
Eric & Joe, In retrospect, I certainly should have consulted with the TLS WG before initiating yet another Last Call. I failed to do so because the controversy had not centered on technical questions, but a great deal of time has passed, and the mechanism is clearly relevant to the scope of y

Re: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread Michael StJohns
Hi Eric - I went to review the bidding on the TLS mailing list covering this period and it appears the archives at http://www.ietf.org/mail-archive/web/tls/current/maillist.html only go back to the beginning of the year. Could yo

Re: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread Melinda Shore
On 2/11/09 9:47 AM, "Powers Chuck-RXCP20" wrote: > I am curious - is this a commitment by the TLS chairs to actually work > on this document? Or simply an attempt to prevent the IESG from > advancing a document that the WG previously declined to work on, and > could easily do so again? I have no

RE: TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-11 Thread Powers Chuck-RXCP20
> Sent: Tuesday, February 10, 2009 11:34 PM > To: i...@ietf.org; ietf@ietf.org; > draft-housley-tls-authz-ex...@tools.ietf.org > Subject: TLS WG Chair Comments on draft-ietf-tls-authz-07 > > [Resent with proper addressing information] > > As chairs of the TLS Working Group,

TLS WG Chair Comments on draft-ietf-tls-authz-07

2009-02-10 Thread Eric Rescorla
[Resent with proper addressing information] As chairs of the TLS Working Group, we request that the IESG not approve draft-ietf-tls-authz-07 as a Proposed Standard. This document was initially brought to the TLS WG, which passed on it due to lack of interest and it was subsequently advanced as an