Common Authentication Technology Next Generation (kitten)
---------------------------------------------------------
Charter
Last Modified: 2011-12-09
Current Status: Active Working Group
Chair(s):
Shawn Emery <[email protected]>
Tom Yu <[email protected]>
Alexey Melnikov <[email protected]>
Security Area Director(s):
Stephen Farrell <[email protected]>
Sean Turner <[email protected]>
Security Area Advisor:
Stephen Farrell <[email protected]>
Mailing Lists:
General Discussion:
[email protected]
To Subscribe:
https://www.ietf.org/mailman/listinfo/kitten
Archive:
http://www.ietf.org/mail-archive/web/kitten/current/maillist.html
Description of Working Group:
The Generic Security Services (GSS) API and Simple Authentication and
Security Layer (SASL) provide various applications with a security
framework for secure network communication. The purpose of the Common
Authentication Technology Next Generation (Kitten) working group (WG) is
to develop extensions/improvements to the GSS-API, shepherd specific
GSS-API security mechanisms, and provide guidance for any new SASL-
related submissions.
This working group is chartered to specify the following extensions and
improvements (draft-yu-kitten-api-wishlist-00) to the GSS-API:
* Provide new interfaces for credential management, which include the
following:
  * initializing credentials
  * iterating credentials
  * exporting/importing credentials
* Specify an interface for asynchronous calls.
* Negotiable replay cache avoidance
* Define interfaces for better error message reporting.
* Provide a more programmer friendly GSS-API for application developers.
This could include reducing the number of interface parameters, for
example, by eliminating parameters which are commonly used with the
default values.
* Specify an option for exporting partially-established security
contexts and possibly a utility function for exporting security
contexts in an encrypted form, as well as a corresponding utility
function to decrypt and import such security context tokens.
This WG is also chartered to finalize proposed SASL mechanisms as
GSS-API mechanisms (based on RFC 5801):
* A SASL Mechanism for OpenID
draft-ietf-kitten-sasl-openid
* SASL Mechanisms for SAML:
draft-ietf-kitten-sasl-saml
draft-cantor-ietf-kitten-saml-ec
The SAML mechanism drafts will include applicability
statement text to highlight when each is appropriate
for use.
* A SASL Mechanism for OAuth
draft-mills-kitten-sasl-oauth
The transition from SASL to GSS-API mechanisms will allow a greater set
of applications to utilize said mechanisms with SASL implementations
that support the use of GSS-API mechanisms in SASL (RFC 5801).
This WG should review proposals for new SASL and GSS-API mechanisms, but
may take on work on such mechanisms only through a revision of this
charter. The WG should also review non-mechanism proposals related to
SASL and the GSS-API. However, work that adds SASL or GSS-API support in
application protocols is out of scope and should be handled by the
corresponding application's WG.
Deliverables:
* GSS-API: initializing credentials
* GSS-API: iterating credentials
* GSS-API: exporting/importing credentials
* GSS-API: specification for asynchronous calls
* GSS-API: interfaces/improvements for better error message reporting
* GSS-API: programmer friendly interfaces
* SASL: SASL mechanism for OpenID
* SASL: SASL mechanisms for SAML
* SASL: SASL mechanism for OAuth
* GSS-API: publish draft-ietf-kitten-gssapi-extensions-iana
Goals and Milestones:
Jul 2011 Submit SASL OpenID mechanism to the IESG as Proposed Standard
Jul 2011 Submit naming-exts to the IESG as Proposed Standard
Jul 2011 WGLC on gssapi-extensions-iana
Aug 2011 Submit SASL SAML mechanisms to the IESG as Proposed Standard
Sep 2011 Submit gssapi-extensions-iana to the IESG as Proposed Standard
Internet-Drafts:
Posted    Revised   I-D Title <Filename>
--------  --------  --------------------------------------------
May 2005  Dec 2011  <draft-ietf-kitten-gssapi-naming-exts-12.txt>
                    GSS-API Naming Extensions
Aug 2010  Feb 2012  <draft-ietf-kitten-sasl-openid-08.txt>
                    A SASL & GSS-API Mechanism for OpenID
Sep 2010  Feb 2012  <draft-ietf-kitten-sasl-saml-09.txt>
                    A SASL and GSS-API Mechanism for SAML
Aug 2011  Aug 2011  <draft-ietf-kitten-sasl-saml-ec-00.txt>
                    SAML Enhanced Client SASL and GSS-API Mechanisms
Nov 2011  Nov 2011  <draft-ietf-kitten-sasl-oauth-00.txt>
                    A SASL and GSS-API Mechanism for OAuth
Request For Comments:
RFC      Stat      Published  Title
-------  --------  ---------  ------------------------------------
RFC4178  Standard  Oct 2005   The Simple and Protected Generic Security
                              Service Application Program Interface (GSS-API)
                              Negotiation Mechanism
RFC4401  Standard  Feb 2006   A Pseudo-Random Function (PRF) API Extension for the
                              Generic Security Service Application Program Interface
                              (GSS-API)
RFC4402  Standard  Feb 2006   A Pseudo-Random Function (PRF) for the Kerberos V
                              Generic Security Service Application Program Interface
                              (GSS-API) Mechanism
RFC4768  I         Dec 2006   Desired Enhancements to Generic Security Services
                              Application Program Interface (GSS-API) Version 3 Naming
RFC5178  PS        May 2008   Generic Security Service Application Program Interface
                              (GSS-API) Internationalization and Domain-Based Service
                              Names and Name Type
RFC5179  PS        May 2008   Generic Security Service Application Program Interface
                              (GSS-API) Domain-Based Service Names Mapping for the
                              Kerberos V GSS Mechanism
RFC5554  PS        May 2009   Clarifications and Extensions to the Generic Security
                              Service Application Program Interface (GSS-API) for the
                              Use of Channel Bindings
RFC5588  PS        Jul 2009   Generic Security Service Application Program Interface
                              (GSS-API) Extension for Storing Delegated Credentials
RFC5587  PS        Jul 2009   Extended Generic Security Service Mechanism Inquiry APIs
RFC5653  PS        Aug 2009   Generic Security Service API Version 2: Java Bindings
                              Update
RFC6331  I         Jul 2011   Moving DIGEST-MD5 to Historic