Kitten (GSS-API Next Generation) (kitten)
-----------------------------------------

Charter
Last Modified: 2008-08-21

Current Status: Active Working Group

Chair(s):
    Shawn Emery  <[email protected]>
    Alexey Melnikov  <[email protected]>

Security Area Director(s):
    Tim Polk  <[email protected]>
    Pasi Eronen  <[email protected]>

Security Area Advisor:
    Tim Polk  <[email protected]>

Mailing Lists:
    General Discussion:[email protected]
    To Subscribe:      https://www.ietf.org/mailman/listinfo/kitten
    Archive:           http://www.ietf.org/mail-archive/web/kitten/current/maillist.html

Description of Working Group:

The Generic Security Services API [RFC 2743, RFC 2744] provides an API
for applications to set up security contexts and to use these contexts
for per-message protection services. The Common Authentication
Technology Next Generation Working Group (Kitten) will work on
standardizing extensions and improvements to the core GSSAPI
specification and language bindings that the IETF believes are
necessary
based on experience using GSSAPI over the last 10 years. Extensions may
be published as separate drafts or included in a GSSAPI version 3.
While
version 2 of the GSSAPI may be clarified, no backward incompatible
changes will be made to this version of the API.

This working group is chartered to revise the GSSAPI v2 RFCs for the
purpose of clarifying areas of ambiguity:
o Use of channel bindings
o Thread safety restrictions
o C language utilization clarifications and recommendations
(e.g., type utilization, name spaces)
o Guidelines for GSS-API mechanism designers
o Guidelines for GSS-API application protocol designers

This working group is chartered to specify a non-backward compatible
GSSAPI v3 including support for the following extensions:
o Clarify the portable use of channel bindings and better specify
channel bindings in a language-independent manner.
o Specify thread safety extensions to allow multi-threaded applications
to use GSSAPI
o Definitions of channel bindings for TLS, IPSec, SSH and other
cryptographic channels based on work started in the NFSV4 working
group.
o Define a GSSAPI extension to allow applications to store credentials.
Discussions to be started based upon:
o draft-williams-gss-store-deleg-creds-xx.txt
o Extensions to solve problems posed by the Global Grid Forum's GSSAPI
extensions document.
o Extensions to deal with mechanism-specific extensibility in a
multi-mechanism environment.
o Extend the GSS-API to support authorization by portable GSS
applications while also supporting mechanisms that do not have a
single canonical name for each authentication identity.
o Specify a Domain-based GSS service principal name consisting of:
service name, host name, and domain name for use by application
services hosted across multiple servers.
o Extensions to support stackable GSSAPI mechanisms.
o Define a Psuedo-Random Function for GSSAPI

This working group is chartered to perform the following GSSAPI
mechanism specification work:

o Specify a GSSAPI v2/v3 Channel Conjunction Mechanism
o Revise RFC 2748 (SPNEGO) to correct problems that make the
specification unimplementable and to document the problems
found in widely-deployed attempts to implement this spec.
o Update the GSSAPI Java Language Bindings to match actual
implementation

This working group is chartered to perform the following new GSSAPI
Language Binding specification work:

o Specify a language binding for C#

DELIVERABLES

Either:
o Clarifications to GSSAPIv2 (May 2005 to IESG)Informational
[editor: TBD]
Or:
o Generic Security Service Application Program Interface Version 2,
Update 2
[editor: TBD]
o Generic Security Service API Version 2, Update 1 : C-bindings
[editor: TBD]
End:

o The Channel Conjunction Mechanism (CCM) for the GSSAPI
[editors: Mike Eisler/Nicolas Williams]
(based on draft-ietf-nfsv4-ccm, which has been discussed previously in
the NFSv4 WG)

o On the Use of Channel Bindings to Secure Channels
[editor: Nicolas Williams]
(based on draft-ietf-nfsv4-channel-bindings, which has been discussed
previously in the NFSv4 WG)

o GSSAPIv3
[editor: to be determined]

o Stackable Generic Security Service Pseudo-mechanisms
[editor: Nicolas Williams]
draft-williams-gssapi-stackable-pseudo-mechs

o GSS-APIv2 Extension for Storing Delegated Credentials
[editor: Nicolas Williams]
draft-williams-gssapi-store-deleg-creds

o GSSAPI Mechanisms without a Unique Canonical Name
[editor: Sam Hartman]
draft-hartman-gss-naming

o SPNEGO (RFC 2478) Revisions
[editor: Wyllys Ingersoll / Larry Zhu]
draft-zhu-spnego-2478bis

o Guide to the GSS-APIv3
[editor: Nicolas Williams]
draft-williams-gssapi-v3-guide-to

o Namespace Considerations and Registries for GSS-API Extensions
[editor: Nicolas Williams]
draft-williams-gssapi-extensions-iana

o GSS-API Domain-Based Service Names and Name Type
[editor: Nicolas Williams]
draft-williams-gssapi-domain-based-names

o GSS-API Domain-Based Service Names Mapping for the Kerberos V GSS
Mechanism
[editor: Nicolas Williams]
draft-williams-krb5-gssapi-domain-based-names

o A PRF API extension for the GSS-API
[editor: Nicolas Williams]
draft-williams-gssapi-prf

o A PRF for the Kerberos V GSS-API Mechanism
[editor: Nicolas Williams]
draft-williams-krb5-gssapi-prf

o Generic Security Service API Version 2 : Java & C# Bindings
[editors: Larry Zhu / Corby Morris]
draft-morris-java-gssapi-update-for-csharp

Goals and Milestones:

  Done         First Meeting

  Sep 2007       Submit updated draft-ietf-kitten-gssapi-domain-based-names and
               draft-ietf-kitten-krb5-gssapi-domain-based-names to the IESG

  Oct 2007       WGLC on draft-ietf-kitten-gssapi-channel-bindings

  Oct 2007       Submit draft-ietf-kitten-extended-mech-inquiry to the IESG as
               Proposed Standard

  Nov 2007       WGLC on GSS-API Naming Extensions
               (draft-ietf-kitten-gssapi-naming-exts)

  Nov 2007       Submit draft-ietf-kitten-stackable-pseudo-mechs to the IESG as
               Proposed Standard

  Nov 2007       Submit draft-ietf-kitten-gssapi-channel-bindings to the IESG as
               Proposed Standard

  Dec 2007       WGLC on draft-ietf-kitten-gssapi-store-cred

  Dec 2007       Submit GSS-API Naming Extensions
               (draft-ietf-kitten-gssapi-naming-exts) to the IESG as Proposed
               Standard

  Jan 2008       WGLC on Generic Security Service API Version 3 : Java-bindings
               (draft-ietf-kitten-rfc2853bis)

  Jan 2008       Submit draft-ietf-kitten-gssapi-store-cred to the IESG as
               Proposed Standard as Proposed Standard

  Feb 2008       Submit Generic Security Service API Version 3 : Java-bindings
               (draft-ietf-kitten-rfc2853bis) to the IESG as Proposed Standard


Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Feb 2005 Feb 2009   <draft-ietf-kitten-rfc2853bis-05.txt>
               Generic Security Service API Version 2 : Java Bindings Update

Feb 2005 Apr 2009   <draft-ietf-kitten-extended-mech-inquiry-06.txt>
               Extended Generic Security Service Mechanism Inquiry APIs

Feb 2005 Mar 2009   <draft-ietf-kitten-gssapi-channel-bindings-06.txt>
               Clarifications and Extensions to the GSS-API for the Use of
               Channel Bindings

Feb 2005 Mar 2009   <draft-ietf-kitten-gssapi-store-cred-04.txt>
               GSS-API Extension for Storing Delegated Credentials

Feb 2005 Apr 2009   <draft-ietf-kitten-gssapi-extensions-iana-06.txt>
               Namespace Considerations and Registries for GSS-API Extensions

May 2005 Mar 2009   <draft-ietf-kitten-gssapi-naming-exts-04.txt>
               GSS-API Naming Extensions

Request For Comments:

 RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC4178Standard  Oct 2005    The Simple and Protected Generic Security
                      ServiceApplication Program Interface (GSS-API)
                      Negotiation Mechanism

RFC4401Standard  Feb 2006    A Pseudo-Random Function (PRF) API Extension for the
                      Generic Security Service Application Program Interface
                      (GSS-API)

RFC4402Standard  Feb 2006    A Pseudo-Random Function (PRF) for the Kerberos V
                      Generic Security Service Application Program Interface
                      (GSS-API) Mechanism

RFC4768 I    Dec 2006    Desired Enhancements to Generic Security Services
                      Application Program Interface (GSS-API) Version 3 Naming

RFC5179 PS   May 2008    Generic Security Service Application Program Interface
                      (GSS-API) Domain-Based Service Names Mapping for the
                      Kerberos V GSS Mechanism

RFC5178 PS   May 2008    Generic Security Service Application Program Interface
                      (GSS-API) Internationalization and Domain-Based Service
                      Names and Name Type

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.