Loading ...
Sorry, an error occurred while loading the content.

New draft: draft-mills-kitten-sasl-oauth: Tunneled HTTP Authentication For SASL

Expand Messages
  • Bill Mills
    Hi, I ve posted a new draft. https://tools.ietf.org/html/draft-mills-kitten-sasl-oauth-03 I believe there is one open issue, and that is whether we re going to
    Message 1 of 1 , Jul 8, 2011
    View Source
    • 0 Attachment
      Hi,

      I've posted a new draft.

      https://tools.ietf.org/html/draft-mills-kitten-sasl-oauth-03

      I believe there is one open issue, and that is whether we're going to include text defining how Tunneled HTTP authentication (started as OAuth) works with GSS-API. I am coming more and more to the opinion that the GSS-API definition is going to be very auth mechanism specific. This draft only defines what SASL needs currently, which is user auth. GSS-API has message integrity as well, and possibly other things that can be mapped into HTTP auth schemes, and I think it's going to be required that the auth schemes define their capabilities and GSS_API mappings.

      The draft also fixes the channel binding text, not tls-unique specific. Also defining how the CB data is properly generated.

      Subject to the open issue above (which could be significant) I think this is close to a last call.

      Does this draft need some discussion time in Quebec? If so I'll need to make travel plans.

      Thanks,

      -bill

      Meta-Data from the Draft
      Document draft-mills-kitten-sasl-oauth
      [View first two pages]

      * [Txt version ]
      * [Pdf version ]
      * [Xml version ]

      Revision 03
      WG Individual Submission
      Document date 2011-07-01
      Submission date 2011-07-02
      Title Tunneled HTTP Authentication For SASL
      Author information
      Author 1 William Mills <wmills@...>
      Author 2 Tim Showalter <timshow@...>
      Author 3 Hannes Tschofenig <hannes.tschofenig@...>
      Abstract Simple Authentication and Security Layer (SASL) is a framework for
      providing authentication and data security services in connection-
      oriented protocols via replaceable mechanisms. OAuth is a protocol
      framework for delegated HTTP authentication and thereby provides a
      method for clients to access a protected resource on behalf of a
      resource owner.

      This document defines the use of HTTP authentication over SASL, and
      additionally defines authorization and token issuing endpoint
      discovery. Thereby, it enables schemes defined within the OAuth
      framework for non-HTTP-based application protocols.

      A significant benefit of OAuth for usage in clients that usually
      store passwords is storing tokens instead of passwords. This is much
      lower risk since tokens can be more limited in scope of access and
      can be managed and revoked separately from the user credential
      (password).
      Pages 24
    Your message has been successfully submitted and would be delivered to recipients shortly.