Application Bridging for Federated Access Beyond Web (ABFAB) Architecture

The information below is for an old version of the document
Document Type Expired Internet-Draft (abfab WG)
Authors Josh Howlett  , Hannes Tschofenig  , Sam Hartman  , Eliot Lear 
Last updated 2011-07-29
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document
Document shepherd None
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Over the last decade a substantial amount of work has occurred in the space of federated access management. Most of this effort has focused on two use-cases: network and web-based access. However, the solutions to these use-cases that have been proposed and deployed tend to have few common building blocks in common. This memo describes an architecture that makes use of extensions to the commonly used security mechanisms for both federated and non- federated access management, including RADIUS, Diameter, GSS, GS2, EAP and SAML. The architecture addresses the problem of federated access management to primarily non-web-based services, in a manner that will scale to large numbers of identity providers, relying parties, and federations.


Josh Howlett (
Hannes Tschofenig (
Sam Hartman (
Eliot Lear (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)