[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Federated Authentication Beyond The Web: Problem Statement and Requirements
On 7/6/10 11:15 AM, Hannes Tschofenig wrote:
at the next IETF meeting we are going to have a BOF about "Federated Authentication Beyond The Web". In case you have not noticed the work relates to RADIUS and Diameter.
I wrote this very short problem statement document to explain the purpose of the BOF:
Let me know if you find the description useful. Feedback about the BOF topic would also be appreciated.
I find the description useful, however I would like to challenge the
MUST for RADIUS and/or Diamter. There are a number of Federated
Authentication for applications access protocols out there, SAML, OpenID
and others. RADIUS and Diamter are typically associated with network
access. And while I do see the attractiveness of marrying the two (and
thus leveraging existing trust fabrics), I wonder why you want to
restrict a priori to just those. As an example
and draft-wierenga-ietf-sasl-saml-00 specify the use of federated
authentication in a SASL context. And services like eduroam are an
example of the use of just RADIUS to implement federated authentication
for non-web applications.
I do understand that it is not possible nor desirable to take on
everything, but let's at least have this scoping discussion in the BoF.
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.