
Evaluation: draft-zeilenga-ldap-authzid - LDAP 'Who am I?' Operation



--------

Last Call to expire on: 2003-07-08

        Please return the full line with your position.

                      Yes  No-Objection  Discuss  Abstain
Harald Alvestrand    [   ]     [   ]     [   ]     [   ]
Steve Bellovin       [   ]     [   ]     [   ]     [   ]
Scott Bradner        [   ]     [   ]     [   ]     [   ]
Randy Bush           [   ]     [   ]     [   ]     [   ]
Patrik Faltstrom     [   ]     [   ]     [   ]     [   ]
Bill Fenner          [   ]     [   ]     [   ]     [   ]
Ned Freed            [   ]     [   ]     [   ]     [   ]
Ted Hardie           [ X ]     [   ]     [   ]     [   ]
Russ Housley         [   ]     [   ]     [   ]     [   ]
Allison Mankin       [   ]     [   ]     [   ]     [   ]
Thomas Narten        [   ]     [   ]     [   ]     [   ]
Erik Nordmark        [   ]     [   ]     [   ]     [   ]
Jon Peterson         [   ]     [   ]     [   ]     [   ]
Jeff Schiller        [   ]     [   ]     [   ]     [   ]
Margaret Wasserman   [   ]     [   ]     [   ]     [   ]
Bert Wijnen          [   ]     [   ]     [   ]     [   ]
Alex Zinin           [   ]     [   ]     [   ]     [   ]

2/3 (9) Yes or No-Objection opinions needed to pass.

DISCUSSES AND COMMENTS:
======================



---- following is a DRAFT of message to be sent AFTER approval ---
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce:;
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'LDAP 'Who am I?' Operation' to Proposed 
         Standard 

The IESG has approved the Internet-Draft 'LDAP 'Who am I?' Operation' 
<draft-zeilenga-ldap-authzid-08.txt> as a Proposed Standard. This document 
has been reviewed in the IETF but is not the product of an IETF Working 
Group. The IESG contact persons are Ted Hardie and Ned Freed.
  
Technical Summary

This document describes a mechanism for Lightweight Directory
Access Protocol (LDAP) clients to obtain the authorization identity
which the server has associated with the user or application entity.
This mechanism, called "Who am I?", is an LDAP extended operation.
It replaces the AUTHCTL mechanism, which uses Bind request and 
response controls to request and return the authorization identity.  
Bind controls are not protected by the security layers (for example, a
SASL security layer) established by the Bind operation they are
transferred as part of, so the identity returned in a Bind response
control is not integrity-protected. An extended operation sent after a
Bind operation is protected by the security layers established by that
Bind operation.

This mechanism can also be used in cases where the authorization
identity is requested separately from the Bind operation.
For example, the "Who am I?" operation can be augmented with a Proxied 
Authorization Control [PROXYCTL] to determine the authorization identity 
which the server associates with the identity asserted in the Proxied
Authorization Control. The "Who am I?" operation can also be used prior
to the Bind operation, in which case the server reports the identity it
currently associates with the (typically anonymous) session.
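The exchange described above, as an added example that is not part of the draft or of this announcement: a hand-rolled BER encoder and decoder for the "Who am I?" ExtendedRequest and ExtendedResponse, so it runs offline without an LDAP server (a real client would use a library such as ldap3 against a live directory). The OIDs are the ones later registered in RFC 4532 (whoami) and RFC 4370 (Proxied Authorization Control); neither appears on this page. The server reply is constructed here by a helper so the parser can be exercised; it is not captured traffic. The check a practitioner wants is the last step: compare the returned authzId with the identity the client believes it bound (or proxied) as, and treat an empty authzId as anonymous.

```python
"""LDAP "Who am I?" (RFC 4532) request/response encoding with minimal BER.

Added example: OIDs and tag values are from RFC 4511/4532/4370; the sample
server reply is constructed locally, not captured from a real server.
"""

WHOAMI_OID = "1.3.6.1.4.1.4203.1.11.3"        # RFC 4532 extended operation
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # RFC 4370 Proxied Authorization


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(n):
    # Extra leading zero byte keeps positive values positive in two's complement.
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def whoami_request(msg_id, proxy_authzid=None):
    """LDAPMessage with ExtendedRequest [APPLICATION 23]; whoami has no
    requestValue.  Optionally attaches a critical Proxied Authorization
    Control whose value is the raw authzId string (RFC 4370)."""
    req = tlv(0x77, tlv(0x80, WHOAMI_OID.encode()))  # requestName [0]
    msg = ber_int(msg_id) + req
    if proxy_authzid is not None:
        ctrl = tlv(0x30, tlv(0x04, PROXY_AUTHZ_OID.encode())
                   + tlv(0x01, b"\xff")                 # criticality TRUE
                   + tlv(0x04, proxy_authzid.encode()))
        msg += tlv(0xA0, ctrl)                          # controls [0]
    return tlv(0x30, msg)


def whoami_response(msg_id, result_code, authzid=None, diag=""):
    """Constructed sample server reply: ExtendedResponse [APPLICATION 24].
    On success the authzId travels in responseValue [11]; on failure it is
    absent."""
    body = (tlv(0x0A, bytes([result_code]))  # resultCode ENUMERATED
            + tlv(0x04, b"")                  # matchedDN
            + tlv(0x04, diag.encode()))       # diagnosticMessage
    if authzid is not None:
        body += tlv(0x8B, authzid.encode())   # responseValue [11]
    return tlv(0x30, ber_int(msg_id) + tlv(0x78, body))


def parse_whoami_response(raw):
    """Return (messageID, resultCode, authzId or None) from an LDAPMessage."""
    tag, msg, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, rc, pos = read_tlv(body, 0)
    _, _, pos = read_tlv(body, pos)   # matchedDN, unused here
    _, _, pos = read_tlv(body, pos)   # diagnosticMessage, unused here
    authzid = None
    while pos < len(body):            # referral / responseName / responseValue
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x8B:
            authzid = val.decode()
    return int.from_bytes(mid, "big"), int.from_bytes(rc, "big"), authzid


def classify_authzid(authzid):
    """authzId forms from RFC 4513: 'dn:<dn>', 'u:<userid>', '' = anonymous."""
    if authzid is None:
        return "absent"        # operation failed, no identity reported
    if authzid == "":
        return "anonymous"
    if authzid.startswith("dn:"):
        return "dn"
    if authzid.startswith("u:"):
        return "userid"
    return "unknown"


if __name__ == "__main__":
    wire = whoami_request(1, proxy_authzid="u:bob")
    reply = whoami_response(1, 0, "dn:uid=bob,ou=people,dc=example,dc=com")
    print(wire.hex())
    print(parse_whoami_response(reply), classify_authzid(parse_whoami_response(reply)[2]))
```

A client that binds as alice, attaches a Proxied Authorization Control naming bob, and gets back anything other than bob's identity has found a server that ignores or mishandles the control; an empty authzId after a Bind means the Bind did not establish the identity the client assumed, and the session should be treated as anonymous until a fresh Bind succeeds.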

Working Group Summary
  
This was not a WG document, but has been discussed on various
mailing lists (LDAPEXT, LDAPBIS, etc.)  The only issue raised during
last call was whether this was sufficiently distinguished from
draft-weltman-ldapv3-auth-response-09.txt, and this issue has been
resolved.

  
Protocol Quality
  
This document has been reviewed for the IESG by Ted Hardie.