The IESG has approved the following document: - 'A GSS-API Mechanism for the Extensible Authentication Protocol' (draft-ietf-abfab-gss-eap-09.txt) as Proposed Standard This document is the product of the Application Bridging for Federated Access Beyond web Working Group. The IESG contact persons are Stephen Farrell and Sean Turner. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-abfab-gss-eap/ Technical Summary This document defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (GSS-API) when using the EAP mechanism. Through the GS2 family of mechanisms, these protocols also define how Simple Authentication and Security Layer (SASL, RFC 4422) applications use the Extensible Authentication Protocol. Working Group Summary As "usual" with I-Ds with lots of technical content in the security area (especially true for GSS-related stuff) there are fewer reviews than one might want. This document is no better or worse than most in this respect. Sam Hartman (an author) had this concern during IETF LC that I'd like to check with the IESG to make sure we're ok with this document progressing now: "EAP (RFC 3748) has a applicability statement scoped very strictly to network access. This document provides a mechanism that falls well outside that applicability statement and permits the use of EAP for general application authentication. When ABFAB was chartered, there was a charter item to update the EAP applicability statement. I think A number of people in the room at the BOF, including myself, would have objected to the work being chartered had that charter item not been present. I think that work is important because I believe there are a number of important concerns that apply to the use of EAP for authentication beyond network access that need to be documented. Unfortunately, the technical specification has gotten ahead of the applicability statement update. I'm OK with that provided that we're still firmly committed to an applicability statement update. As part of approving this document now, I want to confirm that we have consensus at least within the ABFAB working group and the IESG to do that update. If there is any doubt I'd far prefer that this document be held until the applicability statement catches up." Document Quality There is one implementation (moonshot project) that spans multiple platforms. To our knowledge no other implementations exists or are planned. The one implementation has seen quite a bit of testing though expecially for the GSS-layer since lots of opensource applications have been modified to support ABFAB/GSS-EAP using moonshot. Personnel Leif Johansson is sheparding (co-chair) Stephen Farrell (AD)
