I too would like to figure out what the questions are.

The draft is not about carrying "authorizations" in TLS, or that "The main issue with these authorization extensions inside TLS is that they happen at the wrong layer" as stated by Hannes Tschofenig. Authorization happens at the application layer. Data is transported at the transport layer. The draft is about carrying data (SAML assertions, attribute certificates, or pointers thereto) that can be used or ignored by applications when those applications make authorization decisions.

What application domain is involved when I hand someone a certificate (driver's license) stating that I was born on MMDDYYYY? It only becomes part of an application domain when the "someone" is instantiated as a store clerk who needs to decide whether I am authorized to buy cigarettes or liquor. The clerk is doing the authorization, not the certificate.

Since Mr. Anderson is so exercised about the word "authorization" in the name of the I-D, perhaps it should be renamed "draft-ietf-tls-attributes-07". That would avoid the IPR issues entirely, since one can transport an attribute certificate without ever using it to authorize anything.

-----Original Message-----
From: Josh Howlett
[...]
> My experience: authorization is often related to the specific
> application domain.

I agree insofar as 'authorisation' is often an exercise in making statements using semantics that are specific to application domains, but I don't believe it follows that the syntactical and transport elements (that support the semantic expression) also need to be specific to the application domain.

[...]

> Looking forward to see your solutions.

I have no answers; I'm still trying to figure out what the questions are :-/

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
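The layering argument in the message above (TLS only frames and carries an opaque attribute blob; the application is the "clerk" that decides) can be shown in code. The following is an added example, not code from the thread, from the IETF TLS working group, or from draft-ietf-tls-authz. The generic TLS Extension framing (uint16 type, uint16 length, opaque data) is taken from RFC 5246; the extension type number `EXT_TYPE_ATTRIBUTES`, the `key=value;` attribute payload format, and the `dob` attribute are all constructed for this example and are not the draft's actual encoding. The point it demonstrates is that the transport-layer decoder never looks inside the payload, while the application-layer policy is the only place an authorization decision is made, and it also shows the failure modes a practitioner would want handled: a truncated extension is rejected at the framing layer, and a missing attribute leads to a deny at the application layer.

```python
"""Added example: TLS extension framing (transport) vs. authorization (application).

Not the draft's wire format. The extension type, the attribute payload syntax,
and the liquor-purchase policy are assumptions made for this illustration.
"""
import struct

# Hypothetical extension codepoint for this example only.
EXT_TYPE_ATTRIBUTES = 0xFFF1


# ---------- transport layer: frame and parse, never interpret ----------

def encode_extension(ext_type: int, data: bytes) -> bytes:
    """Encode one TLS Extension (RFC 5246): uint16 type, opaque data<0..2^16-1>."""
    if len(data) > 0xFFFF:
        raise ValueError("extension_data too long")
    return struct.pack("!HH", ext_type, len(data)) + data


def decode_extensions(buf: bytes) -> dict:
    """Parse a run of TLS Extension structures into {type: raw_bytes}.

    Only framing is checked here. The payload is passed up untouched;
    whether it is a SAML assertion, an attribute certificate, or junk is
    not the transport layer's concern.
    """
    exts = {}
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated extension header")
        ext_type, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if len(buf) - off < length:
            raise ValueError("truncated extension_data")
        exts[ext_type] = buf[off:off + length]
        off += length
    return exts


def framing_ok(buf: bytes) -> bool:
    """True if buf is a well-formed extension list (used to show the truncation check)."""
    try:
        decode_extensions(buf)
        return True
    except ValueError:
        return False


# ---------- application layer: the "clerk" makes the decision ----------

def parse_attributes(data: bytes) -> dict:
    """Constructed payload format: ASCII 'key=value' pairs separated by ';'."""
    attrs = {}
    for item in data.decode("ascii").split(";"):
        if item:
            key, _, value = item.partition("=")
            attrs[key] = value
    return attrs


def _age_on(dob_iso: str, today_iso: str) -> int:
    """Whole years between two ISO dates (YYYY-MM-DD); no datetime needed."""
    by, bm, bd = (int(x) for x in dob_iso.split("-"))
    ty, tm, td = (int(x) for x in today_iso.split("-"))
    return ty - by - ((tm, td) < (bm, bd))


def may_buy_liquor(attrs: dict, today_iso: str, min_age: int = 21) -> bool:
    """Application policy. A missing or unusable attribute is a deny, not an error:
    the certificate asserts a birth date; the clerk decides what that means."""
    dob = attrs.get("dob")
    if dob is None:
        return False
    try:
        return _age_on(dob, today_iso) >= min_age
    except ValueError:
        return False


def handshake_then_decide(ext_bytes: bytes, today_iso: str) -> bool:
    """End to end: transport parses framing, application authorizes."""
    exts = decode_extensions(ext_bytes)
    payload = exts.get(EXT_TYPE_ATTRIBUTES)
    if payload is None:
        return False            # extension absent: the application may simply ignore it
    return may_buy_liquor(parse_attributes(payload), today_iso)


if __name__ == "__main__":
    # Constructed sample: a client presents a birth date attribute during the handshake.
    wire = encode_extension(EXT_TYPE_ATTRIBUTES, b"dob=2003-05-31;name=alice")
    print("framing ok:", framing_ok(wire))
    print("may buy liquor on 2024-06-01:", handshake_then_decide(wire, "2024-06-01"))
```

Note that `decode_extensions` accepts any payload bytes without complaint; rejecting a birth date that is absent, malformed, or too recent happens only in `may_buy_liquor`. That is the separation the message argues for: the draft moves bytes, the application authorizes.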