Desired Enhancements to Generic Security Services Application Program Interface (GSS-API) Version 3 Naming
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, kitten mailing list <email@example.com>, kitten chair <firstname.lastname@example.org>
Subject: Document Action: 'Desired Enhancements to GSSAPI Version 3 Naming' to Informational RFC

The IESG has approved the following document:

- 'Desired Enhancements to GSSAPI Version 3 Naming'
  <draft-ietf-kitten-gss-naming-06.txt> as an Informational RFC

This document is the product of the Kitten (GSS-API Next Generation) Working Group.

The IESG contact persons are Russ Housley and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-kitten-gss-naming-06.txt

Technical Summary

The Generic Security Services API (GSS-API) provides a naming architecture that supports name-based authorization. GSS-API authenticates two named parties to each other. Names can be stored on access control lists to make authorization decisions. Advances in security mechanisms and the way implementers wish to use GSS-API require this model to be extended for the next version of GSS-API.

As people move within an organization or change their names, the name authenticated by GSS-API may change. Using some sort of constant identifier would make ACLs more stable. Some mechanisms such as public-key mechanisms do not have a single name to be used across all environments. Other mechanisms such as Kerberos may include group membership or role information as part of authentication. This document motivates extensions to GSS-API naming and describes the extensions under discussion.

Working Group Summary

This document is a product of the Kitten Working Group. It describes the choices that are facing the Working Group for naming in GSS-API Version 3.

Protocol Quality

This document was reviewed by Russ Housley for the IESG.