The Common Authentication Technology Next Generation (kitten) working group in the Security Area of the IETF has been rechartered. For additional information, please contact the Area Directors or the working group Chairs. Common Authentication Technology Next Generation (kitten) --------------------------------------------------- Current Status: Active Working Group Chairs: Alexey Melnikov <alexey.melnikov@isode.com> Tom Yu <tlyu@mit.edu> Shawn Emery <shawn.emery@oracle.com> Security Area Directors: Stephen Farrell <stephen.farrell@cs.tcd.ie> Sean Turner <turners@ieca.com> Security Area Advisor: Stephen Farrell <stephen.farrell@cs.tcd.ie> Mailing Lists: General Discussion: kitten@ietf.org To Subscribe: https://www.ietf.org/mailman/listinfo/kitten Archive: http://www.ietf.org/mail-archive/web/kitten/ Description of Working Group: The Generic Security Services (GSS) API and Simple Authentication and Security Layer (SASL) provide various applications with a security framework for secure network communication. The purpose of the Common Authentication Technology Next Generation (Kitten) working group (WG) is to develop extensions/improvements to the GSS-API, shepherd specific GSS-API security mechanisms, and provide guidance for any new SASL- related submissions. This working is chartered to specify the following extensions and improvements (draft-yu-kitten-api-wishlist-00) to the GSS-API: * Provide new interfaces for credential management, which include the following: initializing credentials iterating credentials exporting/importing credentials * Specify interface for asynchronous calls. * Negotiable replay cache avoidance * Define interfaces for better error message reporting. * Provide a more programmer friendly GSS-API for application developers. This could include reducing the number of interface parameters, for example, by eliminating parameters which are commonly used with the default values. * Specify an option for exporting partially-established security contexts and possibly a utility function for exporting security contexts in an encrypted form, as well as a corresponding utility function to decrypt and import such security context tokens. This WG is also chartered to finalize proposed SASL mechanisms as GSS-API mechanisms (based on RFC 5801): * A SASL Mechanism for OpenID draft-ietf-kitten-sasl-openid * SASL Mechanisms for SAML: draft-ietf-kitten-sasl-saml draft-cantor-ietf-kitten-saml-ec The SAML mechanism drafts will include applicability statement text to highlight when each is appropriate for use. * A SASL Mechanism for OAuth draft-mills-kitten-sasl-oauth The transition from SASL to GSS-API mechanisms will allow a greater set of applications to utilize said mechanisms with SASL implementations that support the use of GSS-API mechanisms in SASL (RFC 5801). This WG should review proposals for new SASL and GSS-API mechanisms, but may take on work on such mechanisms only through a revision of this charter. The WG should also review non-mechanism proposals related to SASL and the GSS-API. However, work that adds SASL or GSS-API support in application protocols is out of scope and should be handled by the corresponding application's WG. Deliverables: * GSS-API: initializing credentials * GSS-API: iterating credentials * GSS-API: exporting/importing credentials * GSS-API: specification for asynchronous calls * GSS-API: interfaces/improvements for better error message reporting * GSS-API: programmer friendly interfaces * SASL: SASL mechanism for OpenID * SASL: SASL mechanisms for SAML * SASL: SASL mechanism for OAuth * GSS-API: publish draft-ietf-kitten-gssapi-extensions-iana Goals and Milestones: Jul 2011 Submit SASL OpenID mechanism to the IESG as Proposed Standard Jul 2011 Submit naming-exts to the IESG as Proposed Standard Jul 2011 WGLC on gssapi-extensions-iana Aug 2011 Submit SASL SAML mechanisms to the IESG as Proposed Standard Sep 2011 Submit gssapi-extensions-iana to the IESG as Proposed Standard Oct 2011 Submit SASL OAuth mechanism to the IESG as Proposed Standard _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
