Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>>>>> "Josh" == Josh Howlett <Josh.Howlett@xxxxxx> writes:

    Josh> I have a long list of applications, collected from within
    Josh> this community, with which they would like to use SAML-based
    Josh> authorisation; and it seems to me that the ability for
    Josh> application protocols to share a common mechanism for
    Josh> expressing authorisation would mitigate or perhaps even
    Josh> avoid the need to make application-specific authorisation
    Josh> extensions.


The Kerberos community has many years of experience that within an
infrastructure, carrying authorizations in-band has been useful and
has reduced the effort required to fit an application into a larger
infrastructure.  Sometimes it reduces implementation cost in that
sometimes libraries can automatically handle some aspects of
authorization.  Mor often, it reduces the cost of specifying a
protocol or adapting a protocol that was not intended to work within a
given infrastructure to working within the infrastructure.  In many
cases, authorization handling becomes a matter for client libraries
and the server implementation, requiring little if any effort from the
client application or any changes to the client->server protocol.

As a result, it becomes significantly easier to expand the
authorization system. To a large extent, it becomes a matter of
updating the infrastructure, and updating only one side of the
application.  That is a huge savings in deployment and software
engineering complexity.



I would expect that SAML infrastructures could see similar benefits.

For these reasons I support the publication of a standard in this
space.  I don't object to this work going to the TLS working group
provided that 
1) it is within their current charter
2) They commit to do the work and have sufficient energy  to move it forward quickly.

I do object to moving the discussion of whether to solve this problem
to the TLS working group.  I don't think that is the right forum: the
TLS working group does not collect the people who would
benefit from this work.

_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]