On Mon, Jul 12, 2010 at 05:23:16PM -0400, Sam Hartman wrote:
> Recently I've tried to use draft-ietf-kitten-gssapi-naming-exts in the
> design of a GSS-API mechanism.
> I think this is a good start but is not quite done yet.

I agree. I'm not sure whether it's best to proceed to publication then later publish another RFC, or if it'd be best to cancel the IETF LC and improve this I-D.

> draft-hartman-gss-eap-naming-00 discusses a couple of problems with
> naming extensions:
>
> * The format of attribute names proposed in this specification is
>   incompatible with several of the things you'd like to name, in my case
>   including SAML attributes.
> * The description of how to name SAML attributes currently in the
>   document is inconsistent with the SAML base specification
> * The approach of naming things like SAML attributes entirely with a
> * The approach of letting a mechanism create authenticated attributes
>   with an arbitrary URI makes the application's life really hard

One or more of your bullet points is incomplete, Sam.

> In addition, there is no way to get the identity of the issuer of a name
> attribute.

This is a big deal, IMO.

> I've discussed these concerns with one of the authors, Nico Williams. I
> have also requested time to present my concerns at the kitten meeting at
> IETF 78.

We should definitely discuss this next week.

> I'm happy to help resolve these concerns up to and including becoming an
> author of the document and writing significant text.

I think that's a good idea, however I'll let my co-author comment on this as well, given that he's the primary author now :)

Nico