Sam, Is your suggestion that there is a better existing working group, or to establish one through the BOF process? We are interested both in leveraging at the application layer an authentication context established by TLS between A and B (as opposed to relying on an SSO assertion from C to B that C has authenticated A), and in carrying A's authorization-related attributes (pre-signed by C) within that context. I was aware of this discussion only because it came to TLS, and would welcome a pointer to the right forum. -----Original Message----- From: Sam Hartman Sent: Thursday, February 12, 2009 5:40 PM To: Josh Howlett Cc: Hannes Tschofenig; tls@xxxxxxxx; ietf@xxxxxxxx Subject: Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07 [...] For these reasons I support the publication of a standard in this space. I don't object to this work going to the TLS working group provided that 1) it is within their current charter 2) They commit to do the work and have sufficient energy to move it forward quickly. I do object to moving the discussion of whether to solve this problem to the TLS working group. I don't think that is the right forum: the TLS working group does not collect the people who would benefit from this work. _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf