[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Internal WG Review: Credential and Provisioning (enroll)

To: iesg@ietf.org, iab@iab.org, Eric Rescorla <ekr@rtfm.com>, Paul Hoffman <phoffman@imc.org>
Subject: Internal WG Review: Credential and Provisioning (enroll)
From: iesg-secretary@ietf.org
Date: Wed, 08 Oct 2003 13:42:07 -0400

A new IETF working group is being considered in the Security Area.  
The draft charter for this working group is provided below for your review 
and comment.

Review time is one week.

The IETF Secretariat. 

 Credential and Provisioning (enroll)
 ------------------------------------

 Last Modified: 2003-10-8

 Current Status: Proposed Working Group

 Chair(s):

        Eric Rescorla <ekr@rtfm.com>
        Paul Hoffman <phoffman@imc.org>

 Security Area Director(s):
        Russell Housley <housley@vigilsec.com>
        Steven Bellovin <smb@research.att.com>

 Security Advisor:
        Don Eastlake 

    Mailing list: ietf-enroll@mit.edu
    To Subscribe: mailman@mit.edu
    In Body or Subject: subscribe
    Archive:

 There are many cases where a service consumer needs to contact a
 service provider to get credentials that the consumer can use when
 accessing the service; part of this initial contact may involve
 the consumer and the provider mutually validating the other's identity.
 This working group will look at some of the cases where cryptography
 is used to provide authentication.

 When doing enrollment of a service consumer against a service provider,
 three pieces of information need to be provided or created in order to
 support authentication of the service consumer to the service provider
 (and visa versa) and to allow for additional security services to be
 provided any information exchanged. These pieces of data are:

       1. An identifier, within a namespace controlled by the service
                 provider, for the service consumer.
       2. Keying information to be used for identity confirmation.
       3. A set of service consumer permissions. These permissions
                 describe to the provider the services that the consumer
                 wants to access, and they describe to the consumer what
                 services offered by the provider will be accessable.

 Each of these data items could be created by either the consumer or
 provider at any point during the enrollment process.

 This group will create a model to be used in describing enrollment
 procedures and create a document for a framework how this is to be done.
 The group will then produce three documents profiling the use of the
 framework for the following types of keying material:

       1. A shared secret key.
       2. A bare asymmetric key.
       3. A bound asymmetric key (such as an X.509 certificate).

 As part of the validation of the framework, the group will examine how
 other real world enrollment procedures could be profiled. For example,
 credit card information might be part of the input to the enrollment
 process.

 Goals and Milestones:

 Nov 2003 First draft of model
 Feb 2004 Last call on model document
 Feb 2004 First draft of Framework document
 Jun 2004 Last call on module document
 May 2004 First draft of secret key profile
 May 2004 First draft of bare asymmetric key profile
 May 2004 First draft of bound asymmetric key profile
 Oct 2004 Last call on secret key profile
 Oct 2004 Last call on bare asymmetric key profile
 Oct 2004 Last call on bound asymmetric key profile

Follow-Ups:
- Re: Internal WG Review: Credential and Provisioning (enroll)
  - From: "James Kempf" <kempf@docomolabs-usa.com>

Prev by Date: Re: [xmppwg] Major SASL issues (was Re: Last Call: 'XMPP Core' to Proposed Standard)
Next by Date: Re: Fwd: NomCom Volunteer List
Previous by thread: RE: IESG Issue 1
Next by thread: Re: Internal WG Review: Credential and Provisioning (enroll)
Index(es):
- Date
- Thread