From leifj@sunet.se Thu Aug 1 00:28:22 2013 Return-Path: X-Original-To: abfab@ietfa.amsl.com Delivered-To: abfab@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81EDF21F9DBD for ; Thu, 1 Aug 2013 00:28:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id efVWCvXF4VAS for ; Thu, 1 Aug 2013 00:28:21 -0700 (PDT) Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) by ietfa.amsl.com (Postfix) with ESMTP id A61E221F9DAA for ; Thu, 1 Aug 2013 00:28:09 -0700 (PDT) Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.3/8.14.3/Debian-9.4) with ESMTP id r717S7ZJ005165 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 1 Aug 2013 09:28:07 +0200 Received: from [130.129.9.66] (dhcp-9142.meeting.ietf.org [130.129.9.66]) (authenticated bits=0) by smtp1.nordu.net (8.14.6/8.14.6) with ESMTP id r717S4Rr002055 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Thu, 1 Aug 2013 07:28:07 GMT Message-ID: <51FA0E04.7020704@sunet.se> Date: Thu, 01 Aug 2013 09:28:04 +0200 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: abfab@ietf.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, nordu-net:default, base:default, @@RPTN) X-p0f-Info: os=unknown unknown, link=Ethernet or modem X-CanIt-Geo: ip=130.129.9.66; country=CZ; latitude=49.7500; longitude=15.5000; http://maps.google.com/maps?q=49.7500,15.5000&z=6 X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default) X-Canit-Stats-ID: 0aK7js75e - c59c8033e2f0 - 20130801 X-Antispam-Training-Forget: https://mailfilter.nordu.net/canit/b.php?i=0aK7js75e&m=c59c8033e2f0&t=20130801&c=f X-Antispam-Training-Nonspam: https://mailfilter.nordu.net/canit/b.php?i=0aK7js75e&m=c59c8033e2f0&t=20130801&c=n X-Antispam-Training-Spam: https://mailfilter.nordu.net/canit/b.php?i=0aK7js75e&m=c59c8033e2f0&t=20130801&c=s X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw X-Scanned-By: CanIt (www . roaringpenguin . com) Subject: [abfab] Presentations uploaded X-BeenThere: abfab@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Aug 2013 07:28:22 -0000 Folks, We're meeting at 17:00 in Schoeneberg 1+2. Most of the presentations are already online but if you're missing something please shout or (even better) send them sometime during the day Details about remote participation is here (audio stream, meetecho, jabber): http://www.ietf.org/meeting/87/remote-participation.html Cheers Leif & Morteza From leifj@mnt.se Thu Aug 1 00:30:50 2013 Return-Path: X-Original-To: abfab@ietfa.amsl.com Delivered-To: abfab@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0E2921F9DAA for ; Thu, 1 Aug 2013 00:30:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G9JSgMeLkAxz for ; Thu, 1 Aug 2013 00:30:46 -0700 (PDT) Received: from mail-pa0-f46.google.com (mail-pa0-f46.google.com [209.85.220.46]) by ietfa.amsl.com (Postfix) with ESMTP id C888221F9D9C for ; Thu, 1 Aug 2013 00:30:46 -0700 (PDT) Received: by mail-pa0-f46.google.com with SMTP id fa1so1813705pad.5 for ; Thu, 01 Aug 2013 00:30:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding :x-gm-message-state; bh=drX2hvYtX5yTtB5y0gTAgtiDdkKGRcRIrRlNHlAgYJE=; b=OaybI2iBQRvRx1luKdavqxjvZpI2JrXv3A1wbBfGAfcBdCFpDICTI0F/yXB4wXCzFE 91KKxX7nZi5Sj7YAxOsEprtM5gDv8fKtKka+JDSlvY6GS4M1ElTyjgNicRHIgkYEFcVF JXQ4WUdsrUtXpnl+8VfxzVceipLs2iSE6kSKbUx/wSVDPGDO8uSyaXaN1gYgmRKIZlFp wiDm6x6+en5nK2zHXZABq7u6Vl/fmsmyu1a33CVVDKbNM6xikZyJMonZU8TpoqnTo4yn K50LTEKF2T05dR/s80LMYRROdqPKvEneumjvafRQIDYg31wOypEImVp2wnL030vKSUAV nfNw== X-Received: by 10.67.22.99 with SMTP id hr3mr2433916pad.12.1375342246582; Thu, 01 Aug 2013 00:30:46 -0700 (PDT) Received: from ?IPv6:2001:df8:0:8:152b:37ef:33cf:c19d? ([2001:df8:0:8:152b:37ef:33cf:c19d]) by mx.google.com with ESMTPSA id bg3sm1477741pbb.44.2013.08.01.00.30.44 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 01 Aug 2013 00:30:45 -0700 (PDT) Message-ID: <51FA0EA3.3000806@mnt.se> Date: Thu, 01 Aug 2013 09:30:43 +0200 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: abfab@ietf.org References: <51FA0E04.7020704@sunet.se> In-Reply-To: <51FA0E04.7020704@sunet.se> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQl0WNREVRsiGi48QtZcUr6P6Km1hJU+NGtHLGEhbNJn0LOn65Cy0oIftIlRGhuRjWjQrbCR Subject: Re: [abfab] Presentations uploaded X-BeenThere: abfab@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Aug 2013 07:30:51 -0000 On 08/01/2013 09:28 AM, Leif Johansson wrote: > Folks, > > We're meeting at 17:00 in Schoeneberg 1+2. Most of the presentations are > already > online but if you're missing something please shout or (even better) > send them > sometime during the day > > Details about remote participation is here (audio stream, meetecho, jabber): > > http://www.ietf.org/meeting/87/remote-participation.html > > Cheers Leif & Morteza > _______________________________________________ > abfab mailing list > abfab@ietf.org > https://www.ietf.org/mailman/listinfo/abfab sorry - that was the wrong group! From leifj@mnt.se Thu Aug 1 00:32:41 2013 Return-Path: X-Original-To: abfab@ietfa.amsl.com Delivered-To: abfab@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15D9B21F9AE9 for ; Thu, 1 Aug 2013 00:32:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wTyf4JhbB3P7 for ; Thu, 1 Aug 2013 00:32:36 -0700 (PDT) Received: from mail-pa0-f46.google.com (mail-pa0-f46.google.com [209.85.220.46]) by ietfa.amsl.com (Postfix) with ESMTP id 9ED4021F9AC5 for ; Thu, 1 Aug 2013 00:32:35 -0700 (PDT) Received: by mail-pa0-f46.google.com with SMTP id fa1so1821218pad.19 for ; Thu, 01 Aug 2013 00:32:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding:x-gm-message-state; bh=S1prX/vJ6MmRhERpNnKiUwXV8v8eXjHCOAHiLZWEjsg=; b=CtTWKFhnl8uLLgA4fwbXYPKFwhDyfpVT3NECrJx4XscwtUcjxr+w/XhQjhGNNk+L6t iu0Mg/AdGBiKYoT9PicVh+OiysAwWPXV+OjUDrsVTgtlj9/DBYMdoPpgjHipFJQKtX0f 2Pms4/thf6HMW7SBUpfgtvbw2WdtUuMts9nRBakGTf5mMqeNarIKcnL2Qn7cbpZrlL94 3yCHFjfbEaiiLRnreDfnh8atQ7I0M/zCQQIfBFYEBolSvBFAxUwhH5zCJPaqv26hGYno yaLjy890i/xAVkuejG6jByTiOKMTJHrrwbTVDcllplL78MCIRxwRJscUJSZ6a7iaWi3Z b+KQ== X-Received: by 10.68.171.35 with SMTP id ar3mr281971pbc.61.1375342355459; Thu, 01 Aug 2013 00:32:35 -0700 (PDT) Received: from ?IPv6:2001:df8:0:8:152b:37ef:33cf:c19d? ([2001:df8:0:8:152b:37ef:33cf:c19d]) by mx.google.com with ESMTPSA id ai6sm1184166pad.15.2013.08.01.00.32.33 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 01 Aug 2013 00:32:34 -0700 (PDT) Message-ID: <51FA0F10.8070903@mnt.se> Date: Thu, 01 Aug 2013 09:32:32 +0200 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: abfab@ietf.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQmZseJQR7+SEW4CCLxINeH08+S9ET4ccuXh3rbz0G9jTC580iN03Bjy2j7jdNjU6s38mIHw Subject: [abfab] minutes from tuesday X-BeenThere: abfab@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Aug 2013 07:32:41 -0000 Minutes from the meeting is online. Cheers Leif From leifj@sunet.se Thu Aug 1 09:19:16 2013 Return-Path: X-Original-To: abfab@ietfa.amsl.com Delivered-To: abfab@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B521721F8235 for ; Thu, 1 Aug 2013 09:19:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Lf0p0JPJMq8 for ; Thu, 1 Aug 2013 09:19:16 -0700 (PDT) Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) by ietfa.amsl.com (Postfix) with ESMTP id 95CEE21F85D1 for ; Thu, 1 Aug 2013 09:19:11 -0700 (PDT) Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.3/8.14.3/Debian-9.4) with ESMTP id r71GJ7w9001888 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 1 Aug 2013 18:19:08 +0200 Received: from [130.129.9.66] (dhcp-9142.meeting.ietf.org [130.129.9.66]) (authenticated bits=0) by smtp1.nordu.net (8.14.6/8.14.6) with ESMTP id r71GJ3eH004363 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Thu, 1 Aug 2013 16:19:07 GMT Message-ID: <51FA8A75.7080501@sunet.se> Date: Thu, 01 Aug 2013 18:19:01 +0200 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: abfab@ietf.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, nordu-net:default, base:default, @@RPTN) X-p0f-Info: os=unknown unknown, link=Ethernet or modem X-CanIt-Geo: ip=130.129.9.66; country=CZ; latitude=49.7500; longitude=15.5000; http://maps.google.com/maps?q=49.7500,15.5000&z=6 X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default) X-Canit-Stats-ID: 0aK7sj8aQ - e4de31632394 - 20130801 X-Antispam-Training-Forget: https://mailfilter.nordu.net/canit/b.php?i=0aK7sj8aQ&m=e4de31632394&t=20130801&c=f X-Antispam-Training-Nonspam: https://mailfilter.nordu.net/canit/b.php?i=0aK7sj8aQ&m=e4de31632394&t=20130801&c=n X-Antispam-Training-Spam: https://mailfilter.nordu.net/canit/b.php?i=0aK7sj8aQ&m=e4de31632394&t=20130801&c=s X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw X-Scanned-By: CanIt (www . roaringpenguin . com) Subject: [abfab] time of day for the conference calls X-BeenThere: abfab@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Aug 2013 16:19:17 -0000 As we mentioned in the meeting today we're planning for regular WG conference calls every 2:nd Wednesday starting 21/8. The question has been raised about a good time for holding a conference call in order to maximize the chance for participation we're looking at two different times: Alt 1: 11 AM PST Alt 2: 7 AM PST Please indicate your preference for either of these times! Cheers Leif From leifj@sunet.se Fri Aug 2 00:41:42 2013 Return-Path: X-Original-To: abfab@ietfa.amsl.com Delivered-To: abfab@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D56421E8221 for ; Fri, 2 Aug 2013 00:41:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FsynoRT2q5QM for ; Fri, 2 Aug 2013 00:41:41 -0700 (PDT) Received: from e-mailfilter02.sunet.se (e-mailfilter02.sunet.se [IPv6:2001:6b0:8:2::202]) by ietfa.amsl.com (Postfix) with ESMTP id 7FBCD21E809A for ; Fri, 2 Aug 2013 00:41:41 -0700 (PDT) Received: from smtp1.nordu.net (smtp1.nordu.net [IPv6:2001:948:4:6::32]) by e-mailfilter02.sunet.se (8.14.3/8.14.3/Debian-9.4) with ESMTP id r727fWFG001355 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 2 Aug 2013 09:41:32 +0200 Received: from [130.129.17.63] (dhcp-113f.meeting.ietf.org [130.129.17.63]) (authenticated bits=0) by smtp1.nordu.net (8.14.6/8.14.6) with ESMTP id r727fSY4026883 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 2 Aug 2013 07:41:31 GMT Message-ID: <51FB62A8.5090509@sunet.se> Date: Fri, 02 Aug 2013 09:41:28 +0200 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: Rhys Smith References: <51FA8A75.7080501@sunet.se> <77434FDE-7A36-40C2-94F3-DDAB569C3F18@cardiff.ac.uk> In-Reply-To: <77434FDE-7A36-40C2-94F3-DDAB569C3F18@cardiff.ac.uk> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, nordu-net:default, base:default, @@RPTN) X-p0f-Info: os=unknown unknown, link=Ethernet or modem X-CanIt-Geo: ip=130.129.17.63; country=CZ; latitude=49.7500; longitude=15.5000; http://maps.google.com/maps?q=49.7500,15.5000&z=6 X-CanItPRO-Stream: outbound-nordu-net:outbound (inherits from outbound-nordu-net:default, nordu-net:default, base:default) X-Canit-Stats-ID: 0aK7HFwEA - 0b44d3aa6cdb - 20130802 X-Antispam-Training-Forget: https://mailfilter.nordu.net/canit/b.php?i=0aK7HFwEA&m=0b44d3aa6cdb&t=20130802&c=f X-Antispam-Training-Nonspam: https://mailfilter.nordu.net/canit/b.php?i=0aK7HFwEA&m=0b44d3aa6cdb&t=20130802&c=n X-Antispam-Training-Spam: https://mailfilter.nordu.net/canit/b.php?i=0aK7HFwEA&m=0b44d3aa6cdb&t=20130802&c=s X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw X-Scanned-By: CanIt (www . roaringpenguin . com) Cc: abfab@ietf.org Subject: Re: [abfab] time of day for the conference calls X-BeenThere: abfab@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 07:41:42 -0000 On 08/02/2013 09:25 AM, Rhys Smith wrote: > Wasn't this meant to be sent to SCIM? > -- > Sigh. This isn't my week for getting email right. From stefan.winter@restena.lu Wed Aug 7 03:03:27 2013 Return-Path: X-Original-To: abfab@ietfa.amsl.com Delivered-To: abfab@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F379021F9A18 for ; Wed, 7 Aug 2013 03:03:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.425 X-Spam-Level: X-Spam-Status: No, score=-0.425 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, SARE_MILLIONSOF=0.315] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pV3Kfrou2vAo for ; Wed, 7 Aug 2013 03:03:26 -0700 (PDT) Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by ietfa.amsl.com (Postfix) with ESMTP id D1A7921E80BA for ; Wed, 7 Aug 2013 03:03:25 -0700 (PDT) Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id EB96D1058D for ; Wed, 7 Aug 2013 12:03:23 +0200 (CEST) Received: from aragorn.restena.lu (aragorn.restena.lu [IPv6:2001:a18:1:8::155]) by smtprelay.restena.lu (Postfix) with ESMTPS id D5CF51058B for ; Wed, 7 Aug 2013 12:03:23 +0200 (CEST) Message-ID: <52021B67.9030306@restena.lu> Date: Wed, 07 Aug 2013 12:03:19 +0200 From: Stefan Winter User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 MIME-Version: 1.0 To: abfab@ietf.org X-Enigmail-Version: 1.5.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ebABh82Nr02ca7pw3umTqwBc64gj23I2V" X-Virus-Scanned: ClamAV Subject: [abfab] Review of draft-smith-abfab-usability-ui-considerations-03 X-BeenThere: abfab@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Aug 2013 10:03:27 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ebABh82Nr02ca7pw3umTqwBc64gj23I2V Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, as promised at IETF87, I gave the above draft a read. Since it has expired and a new rev is pending, I'm not digging into nits, but remain on a conceptual layer: 5.1 Identity =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D contains the advice " Implementors of an identity selector will need to carefully consider their indended audience for both their level of technical capability and the existing terminology that they may have been exposed to." That is a nice thought, but IMHO won't help in reality. The implementer of an Identity Selector does not know in which contexts his software is going to be used. If you think on the probably widest scale: you implement a built-in identity selector for an extremely popular Operating System with millions of users: - Your "target audience" is every human who is able to power on a computer; levels of technical capability will vary from total incompetence to extremely skilled. - You also do not know which terminology all those users have been exposed to. 5.2 Services =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D This section is rather thin, and could use some more text. I for one see the identity selector as an EAP supplicant; yes it does ABFAB-specific things, but it needs not be a separate entity from a network-enabling EAP supplicant. I think it's worth mentioning that one of the services the identity selector could provide is the "Network Login Service"; converging the network and other-service logins into one. 6.1, first bullet, your TODO remark =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Especially since we do not know the level of skill on the user side, forcing the id to be a realm seems inappropriate to me. A friendly name is understood by everybody; a cryptic @foo.bar.baz construct much less so= =2E 6.1, fourth bullet =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D The trust anchor is not necessarily a certificate. At least in the network use case, it is most often the tuple of (trusted root certificate; server name as in Subject or subjectAltName). The fact that it's a tuple has consequences for UI: it needs to provide input fields and/or provisioning mechanisms for both parts. 6.1 last two bullets =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Since these are optional, probably not worth discussing a lot, just a question: "Reset Password" is typically a helpdesk operation; so with Helpdesk URL I don't see much use for a separate Password Change URL? 6.2.1 Manual Addition =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D In EAP supplicants we often see a bad behaviour in that supplicants default to "don't verify server identity" or "allow to continue connecting even if server identity doesn't match". I would suggest adding text that the UI should force the user as much as possible towards a secure setting. I.e. verification of server identity should be on by default, and if the user just "clicks next" the UI will not allow him to go to the next step unless he's either finalised entering trust anchor information - or - explicitly configures that he wants an insecure config (I imagine a big fat signal-colour warning on screen when he checks that option). 6.2.2 second bullet =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D The text is okay, but I believe it is misplaced here. Even with manual provisioning, the same question needs to be settled (and arguably also in fully automated addition). So it's more like a general requirement for an identity selector to ask this question and belongs to section 6.1. It is a question that's probably best asked in the moment when the user uses a service for the first time, and the decision is subsequently memorised by the ID selector. 6.4 Verifying an identity =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= It might make sense for the identity provider to set up a "test" service along with his RADIUS/ABFAB/SAML server. The identity selector could then (if a login URL or so is provided with UI or automated provisioning) check for a successful identity setup immediately after the identity is added. Being able to specify the test service URL is then required for UI. This is way cooler than with network access; you can only test that if you are near a hotspot or ethernet plug of that network. But with ABFAB, having an IP address is enough to do a test. I believe this should be exploited. 7 Mappings =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D I'm not sure a full "many to many" relationship is needed to be configurable or visible in UI. A user would likely configure "Identity A is good for services m and n" (a 1 to n relationship); or "I have accounts with identity B and C for service x" (a n to 1 relationship). If all these relationships are configured, it may be that the consequence is that several of the identities are good for several of the services; but that is nothing that needs to be communicated to the user. The UI should IMHO steer clear of explaining the user's full mesh of mappings to him. I could imagine a user clicking on one identity and be shown the services he has configured for it; or clicking on a service, and be shown which identities are good for that service. I don't see how presenting a tree, or even forest, of graphs with the full mesh is in any way helpful (or even comprehensible) to a user. 7.4 Disassociating Mappings =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D Why would this be a MUST requirement? The whole process of dis-associating seems like an action without consequences for me. It would not change anything on the service side (i.e. account details are not deprovisioned when dis-associating - right?). And even if disassociated, the user could visit the service later again and re-associate at any time. So, what changes when disassociating an identity from a service? Is it more than UI hygiene, i.e. is the effect more significant than just removing bloat from the list of services locally? 9.1 Success on First Use Reporting =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D You write "depending on the service" here; which begs the question: how is the identity selector supposed to know if a given service is among those that should be reported as success to the user. This would IMHO require the identity selector to have metadata to that end about the service; which doesn't seem like a good idea to me. And now I'm leaving you to those large empty TODO sections in the document :-) Greetings, Stefan Winter --=20 Stefan WINTER Ingenieur de Recherche Fondation RESTENA - R=E9seau T=E9l=E9informatique de l'Education National= e et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 --ebABh82Nr02ca7pw3umTqwBc64gj23I2V Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlICG2sACgkQ+jm90f8eFWYZmQCgidOgZ1fMRaZwHQVWTxLA3f7c 9goAnR2SyiQ9GLBrPK7hCxITZI9+UBh1 =rGlr -----END PGP SIGNATURE----- --ebABh82Nr02ca7pw3umTqwBc64gj23I2V-- From internet-drafts@ietf.org Thu Aug 22 08:20:56 2013 Return-Path: X-Original-To: abfab@ietfa.amsl.com Delivered-To: abfab@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08DE011E8205; Thu, 22 Aug 2013 08:20:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.564 X-Spam-Level: X-Spam-Status: No, score=-102.564 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LM6ayw-4MCbI; Thu, 22 Aug 2013 08:20:54 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF0811E81F2; Thu, 22 Aug 2013 08:20:54 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 4.70.p1 Message-ID: <20130822152054.15898.77572.idtracker@ietfa.amsl.com> Date: Thu, 22 Aug 2013 08:20:54 -0700 Cc: abfab@ietf.org Subject: [abfab] I-D Action: draft-ietf-abfab-eapapplicability-06.txt X-BeenThere: abfab@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Aug 2013 15:20:56 -0000 A New Internet-Draft is available from the on-line Internet-Drafts director= ies. This draft is a work item of the Application Bridging for Federated Access= Beyond web Working Group of the IETF. Title : Update to the EAP Applicability Statement for ABFAB Author(s) : Stefan Winter Joseph Salowey Filename : draft-ietf-abfab-eapapplicability-06.txt Pages : 7 Date : 2013-08-19 Abstract: This document updates the Extensible Authentication Protocol (EAP) applicability statement from RFC3748 to reflect recent usage of the EAP protocol in the Application Bridging for Federated Access Beyond web (ABFAB) architecture. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-abfab-eapapplicability There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-abfab-eapapplicability-06 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-abfab-eapapplicability-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/