
From nobody Fri Aug  7 03:31:12 2015
Return-Path: <internet-drafts@ietf.org>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51F671A8ACB; Fri,  7 Aug 2015 03:31:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7OdaAQSo7G4b; Fri,  7 Aug 2015 03:31:09 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F40241A8AA4; Fri,  7 Aug 2015 03:31:08 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150807103108.31573.9033.idtracker@ietfa.amsl.com>
Date: Fri, 07 Aug 2015 03:31:08 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/BMUGUlF0BPlNwki0eT9P6e-3wF0>
Cc: abfab@ietf.org
Subject: [abfab] I-D Action: draft-ietf-abfab-aaa-saml-11.txt
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2015 10:31:10 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Application Bridging for Federated Access Beyond web Working Group of the IETF.

        Title           : A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for SAML
        Authors         : Josh Howlett
                          Sam Hartman
                          Alejandro Perez-Mendez
	Filename        : draft-ietf-abfab-aaa-saml-11.txt
	Pages           : 28
	Date            : 2015-08-07

Abstract:
   This document describes the use of the Security Assertion Mark-up
   Language (SAML) with RADIUS in the context of the ABFAB architecture.
   It defines two RADIUS attributes, a SAML binding, a SAML name
   identifier format, two SAML profiles, and two SAML confirmation
   methods.  The RADIUS attributes permit encapsulation of SAML
   assertions and protocol messages within RADIUS, allowing SAML
   entities to communicate using the binding.  The two profiles describe
   the application of this binding for ABFAB authentication and
   assertion query/request, enabling a Relying Party to request
   authentication of, or assertions for, users or machines (Clients).
   These Clients may be named using a NAI name identifier format.
   Finally, the subject confirmation methods allow requests and queries
   to be issued for a previously authenticated user or machine without
   needing to explicitly identify them as the subject.  These artifacts
   have been defined to permit application in AAA scenarios other than
   ABFAB, such as network access.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-abfab-aaa-saml/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-abfab-aaa-saml-11

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-abfab-aaa-saml-11


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Fri Aug  7 03:37:10 2015
Return-Path: <alex@um.es>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC97B1ACD6C for <abfab@ietfa.amsl.com>; Fri,  7 Aug 2015 03:37:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.91
X-Spam-Level: 
X-Spam-Status: No, score=-3.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gzl8c4QsU8cy for <abfab@ietfa.amsl.com>; Fri,  7 Aug 2015 03:37:05 -0700 (PDT)
Received: from xenon22.um.es (xenon22.um.es [155.54.212.162]) by ietfa.amsl.com (Postfix) with ESMTP id 759731ACD00 for <abfab@ietf.org>; Fri,  7 Aug 2015 03:37:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by xenon22.um.es (Postfix) with ESMTP id 9242A171B for <abfab@ietf.org>; Fri,  7 Aug 2015 12:37:03 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at xenon22.um.es
Received: from xenon22.um.es ([127.0.0.1]) by localhost (xenon22.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id loNk6Bko2xY2 for <abfab@ietf.org>; Fri,  7 Aug 2015 12:37:03 +0200 (CEST)
Received: from [10.42.0.179] (84.121.18.25.dyn.user.ono.com [84.121.18.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon22.um.es (Postfix) with ESMTPSA id 5E05A9DD for <abfab@ietf.org>; Fri,  7 Aug 2015 12:37:02 +0200 (CEST)
To: abfab@ietf.org
References: <20150807103108.31573.9033.idtracker@ietfa.amsl.com>
From: =?UTF-8?Q?Alejandro_P=c3=a9rez_M=c3=a9ndez?= <alex@um.es>
Message-ID: <55C48A4D.2020403@um.es>
Date: Fri, 7 Aug 2015 12:37:01 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <20150807103108.31573.9033.idtracker@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="------------050903080200050401080301"
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/t8kjGUWZ0HX2a8bxF5WLABOmKrs>
Subject: Re: [abfab] I-D Action: draft-ietf-abfab-aaa-saml-11.txt
X-List-Received-Date: Fri, 07 Aug 2015 10:37:09 -0000

This is a multi-part message in MIME format.
--------------050903080200050401080301
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit

Dear all,

we have posted a new version of draft-ietf-abfab-aaa-saml, which 
addresses most of the pending issues we discussed in the IETF meeting. 
This version will be used to request a review from the SSTC.

The main changes include:

  * Section 1: Remove mention of [I-D.jones-diameter-abfab]
  * Section 1.1: Included table of terminology (similar to the one in
    the ABFAB architecture I-D)
  * Section 4: Inclusion of the SAML metadata extensions to represent
    RADIUS names.
  * Section 8: "RADIUS State Confirmation Methods" moved to "Section 6:
    RADIUS State Confirmation Method Identifiers". The "sender vouches"
    Confirmation Method is no longer used. Instead, the SAML V2.0
    "RADIUS State" is used (i.e. urn:ietf:params:abfab:cm:user or
    urn:ietf:params:abfab:cm:machine)
  * Section 11. Changed the format of the IANA table describing the
    RADIUS attributes, splitting Type and Ext. Type for clarity.

Regards,
Alejandro



--------------050903080200050401080301--


From nobody Fri Aug  7 07:58:25 2015
Return-Path: <cantor.2@osu.edu>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18AA01B2DDF for <abfab@ietfa.amsl.com>; Fri,  7 Aug 2015 07:58:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.002
X-Spam-Level: 
X-Spam-Status: No, score=-0.002 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KcS4Z9E9yId5 for <abfab@ietfa.amsl.com>; Fri,  7 Aug 2015 07:58:22 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0136.outbound.protection.outlook.com [207.46.100.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD8FF1B2DDC for <abfab@ietf.org>; Fri,  7 Aug 2015 07:58:16 -0700 (PDT)
Received: from BY2FFO11FD009.protection.gbl (10.1.14.33) by BY2FFO11HUB009.protection.gbl (10.1.14.165) with Microsoft SMTP Server (TLS) id 15.1.243.9; Fri, 7 Aug 2015 14:58:14 +0000
Authentication-Results: spf=pass (sender IP is 164.107.81.216) smtp.mailfrom=osu.edu; ietf.org; dkim=none (message not signed) header.d=none;
Received-SPF: Pass (protection.outlook.com: domain of osu.edu designates 164.107.81.216 as permitted sender) receiver=protection.outlook.com; client-ip=164.107.81.216; helo=cio-tnc-pf02.osuad.osu.edu;
Received: from cio-tnc-pf02.osuad.osu.edu (164.107.81.216) by BY2FFO11FD009.mail.protection.outlook.com (10.1.14.73) with Microsoft SMTP Server (TLS) id 15.1.243.9 via Frontend Transport; Fri, 7 Aug 2015 14:58:14 +0000
Received: from CIO-TNC-HT06.osuad.osu.edu (localhost [127.0.0.1]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by cio-tnc-pf02.osuad.osu.edu (Postfix) with ESMTPS id 4A75C20053 for <abfab@ietf.org>; Fri,  7 Aug 2015 10:58:13 -0400 (EDT)
Received: from CIO-TNC-D2MBX02.osuad.osu.edu ([fe80::3960:dd86:ba2:ad26]) by CIO-TNC-HT06.osuad.osu.edu ([fe80::3d16:84bd:8d88:7cfd%12]) with mapi id 14.03.0224.002; Fri, 7 Aug 2015 10:58:13 -0400
From: "Cantor, Scott" <cantor.2@osu.edu>
To: "abfab@ietf.org" <abfab@ietf.org>
Thread-Topic: Comments on draft-ietf-abfab-aaa-saml-11
Thread-Index: AQHQ0SF7of7mlEQFmE+WSlziI+4vfg==
Date: Fri, 7 Aug 2015 14:58:12 +0000
Message-ID: <75CEE38C-77DD-438B-BECD-6FF8ADB6826E@osu.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [128.146.14.104]
Content-Type: text/plain; charset="utf-8"
Content-ID: <3DCE8799AF72D64EB25D53738BDA8006@osu.edu>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/KLXlBO6wGwER8ow6PA03c99AiNA>
Subject: [abfab] Comments on draft-ietf-abfab-aaa-saml-11
X-List-Received-Date: Fri, 07 Aug 2015 14:58:24 -0000

Just a brief review primarily of section 4 and the metadata material.

4.3.2

I wouldn't denote "entityID" as <entityId> as that suggests an XML element by that name, which doesn't exist in SAML.

Apologies if it's covered elsewhere, but these bullets seems to lack specificity:



   o  RADIUS client identity in trusted digitally signed SAML request.


   o  RADIUS realm in trusted digitally signed SAML response or
      assertion.


How precisely is the RADIUS identity expressed in the SAML messages?

4.3.3

One thing missing is a definition of what to put in the protocolSupportEnumeration attribute for these roles. Presumably that would be some identifier representing whatever family of profiles this binding is intended to be used with. In SAML it's used to delineate SAML 1 and SAML 2 support. It's a required attribute on every RoleDescriptor, so something has to be in it.

4.3.4

One point is that in the XML examples shown, the various string-valued elements are shown with whitespace around the values. It would be unusual to normatively address the trimming question, but I don't know if you want the examples to actually encourage extra whitespace given that no matter what you say or do, some implementations inevitably won't trim. In fact, it's probably worth noting it if you need implementations to *not* trim, but I assume these elements by and large don't expect leading/trailing WS to be significant.

4.5

This text reads a bit oddly given that the previous section explicitly covers the metadata extensions defined. At minimum, it seems like maybe it should indicate that if metadata *is* used, those roles MUST be present?

-- Scott


From nobody Sat Aug  8 00:26:11 2015
Return-Path: <alex@um.es>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77A911ACEA7 for <abfab@ietfa.amsl.com>; Sat,  8 Aug 2015 00:26:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.311
X-Spam-Level: 
X-Spam-Status: No, score=-3.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_26=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Ymw-FeeX0Ed for <abfab@ietfa.amsl.com>; Sat,  8 Aug 2015 00:26:08 -0700 (PDT)
Received: from xenon22.um.es (xenon22.um.es [155.54.212.162]) by ietfa.amsl.com (Postfix) with ESMTP id 850701ACEBF for <abfab@ietf.org>; Sat,  8 Aug 2015 00:26:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by xenon22.um.es (Postfix) with ESMTP id 6ABB22B68 for <abfab@ietf.org>; Sat,  8 Aug 2015 09:26:05 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at xenon22.um.es
Received: from xenon22.um.es ([127.0.0.1]) by localhost (xenon22.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id SJBem-+chtrs for <abfab@ietf.org>; Sat,  8 Aug 2015 09:26:05 +0200 (CEST)
Received: from [10.42.0.179] (84.121.18.25.dyn.user.ono.com [84.121.18.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon22.um.es (Postfix) with ESMTPSA id 3CDEB1A40 for <abfab@ietf.org>; Sat,  8 Aug 2015 09:26:03 +0200 (CEST)
To: abfab@ietf.org
References: <75CEE38C-77DD-438B-BECD-6FF8ADB6826E@osu.edu>
From: =?UTF-8?Q?Alejandro_P=c3=a9rez_M=c3=a9ndez?= <alex@um.es>
Message-ID: <55C5AF0A.2060000@um.es>
Date: Sat, 8 Aug 2015 09:26:02 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <75CEE38C-77DD-438B-BECD-6FF8ADB6826E@osu.edu>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/i2WFjgMA4Lum8ecoKPI9JsD_qYU>
Subject: Re: [abfab] Comments on draft-ietf-abfab-aaa-saml-11
X-List-Received-Date: Sat, 08 Aug 2015 07:26:10 -0000

Hi Scott,

thanks for the quick review. See my comments inline.

On 07/08/15 at 16:58, Cantor, Scott wrote:
> Just a brief review primarily of section 4 and the metadata material.
>
> 4.3.2
>
> I wouldn't denote "entityID" as <entityId> as that suggests an XML element by that name, which doesn't exist in SAML.

Right, I will remove it.

>
> Apologies if it's covered elsewhere, but these bullets seems to lack specificity:
>
>
>
>     o  RADIUS client identity in trusted digitally signed SAML request.
>
>
>     o  RADIUS realm in trusted digitally signed SAML response or
>        assertion.
>
>
> How precisely is the RADIUS identity expressed in the SAML messages?

Although it would be possible to do so, we agreed that this document 
would only provide a technical solution for representing the AAA name in 
trusted SAML metadata. If someone wanted to express them in SAML 
messages, he would need to define how this would be done.

I will state something like that at the beginning of section 4.3.3 to 
make it clear.

>
> 4.3.3
>
> One thing missing is a definition of what to put in the protocolSupportEnumeration attribute for these roles. Presumably that would be some identifier representing whatever family of profiles this binding is intended to be used with. In SAML it's used to delineate SAML 1 and SAML 2 support. It's a required attribute on every RoleDescriptor, so something has to be in it.

That confuses me. This attribute is already defined in the description 
of the RoleDescriptor type, and I thought that I did not need to provide 
further information. For instance, in the saml-metadata-2.0-os document, 
other subtypes of RoleDescriptor such as SSODescriptor or 
AttributeAuthorityDescriptor, or even subsubtypes such as 
IDPSSODescriptor, say nothing about the value of 
protocolSupportEnumeration. I just followed the same kind of description 
they do. In fact, in that document, the only place besides 
RoleDescriptor where protocolSupportEnumeration appears is in section 
"2.6 Examples", so I did include it in my examples.

Where do you suggest including this kind of description? In the 
introductory text for each role? Why do other subtypes of RoleDescriptor 
not provide it?

>
> 4.3.4
>
> One point is that in the XML examples shown, the various string-valued elements are shown with whitespace around the values. It would be unusual to normatively address the trimming question, but I don't know if you want the examples to actually encourage extra whitespace given that no matter what you say or do, some implementations inevitably won't trim. In fact, it's probably worth noting it if you need implementations to *not* trim, but I assume these elements by and large don't expect leading/trailing WS to be significant.

You are right, I don't want the extra whitespace to be included in the 
value of the element. What do you suggest?
a) making the example look like this

              <RADIUSRealm>idp.com</RADIUSRealm>

or
b) using another type that has implicit trimming capabilities (if such 
a thing exists)
For instance, I've seen that the localizedNameType extends xs:string, 
but it seems to have no problems with trimming.
This text is extracted from saml-metadata-2.0-os section 2.6:

<OrganizationDisplayName xml:lang="en">
     Identity Providers R US, a Division of Lerxst Corp.
</OrganizationDisplayName>

where OrganizationDisplayName is of type localizedNameType, and it is 
shown with whitespace around the values.
Does this subtype define anything special that implies trimming?

>
> 4.5
>
> This text reads a bit oddly given that the previous section explicitly covers the metadata extensions defined. At minimum, it seems like maybe it should indicate that if metadata *is* used, those roles MUST be present?

You're completely right. I will update the text.

Thanks!

-- Alejandro

>
> -- Scott

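Added example, not part of the original message or of the draft: a sketch of what a metadata consumer sees for the whitespace question discussed under 4.3.4. An xs:string-typed element such as <RADIUSRealm> keeps the surrounding whitespace from the document, so an exact comparison with the realm fails unless the consumer applies XML Schema's collapse rule itself. The <Realms> wrapper, the sample values other than idp.com, and all function names are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed metadata fragment. <RADIUSRealm> and the value idp.com come from
# the thread; the <Realms> wrapper is hypothetical and only groups the cases.
SAMPLE = """<Realms>
  <RADIUSRealm>idp.com</RADIUSRealm>
  <RADIUSRealm>
       idp.com
  </RADIUSRealm>
  <RADIUSRealm>idp.com&#9;</RADIUSRealm>
  <RADIUSRealm>&#160;idp.com</RADIUSRealm>
</Realms>"""

# XML whitespace is exactly space, tab, CR and LF. Python's str.strip() also
# removes characters such as U+00A0, so it is NOT the same operation.
_XML_WS = re.compile(r"[ \t\r\n]+")


def xsd_collapse(value):
    """Apply the XML Schema whiteSpace=collapse rule (what xs:token does
    implicitly and xs:string does not): map runs of XML whitespace to one
    space, then drop leading and trailing spaces."""
    return _XML_WS.sub(" ", value).strip(" ")


def raw_realms(xml_text):
    """Return the element text exactly as a non-validating parser delivers it."""
    root = ET.fromstring(xml_text)
    return [el.text or "" for el in root.iter("RADIUSRealm")]


def canonical_realm(raw):
    """Collapse XML whitespace, then fail closed if anything whitespace-like
    is still present (embedded space, U+00A0, ...) or the value is empty."""
    value = xsd_collapse(raw)
    if not value or any(ch.isspace() for ch in value):
        raise ValueError("not a usable realm: %r" % raw)
    return value


def classify(raw, realm):
    """Compare one metadata value against the realm seen on the RADIUS side."""
    if raw == realm:
        return "exact"
    try:
        if canonical_realm(raw) == realm:
            return "match-after-collapse"
        return "mismatch"
    except ValueError:
        return "rejected"


def audit(xml_text, realm):
    """Classify every <RADIUSRealm> value in the fragment."""
    return [(raw, classify(raw, realm)) for raw in raw_realms(xml_text)]


if __name__ == "__main__":
    for raw, verdict in audit(SAMPLE, "idp.com"):
        print("%-28r %s" % (raw, verdict))
```

A consumer that compares the raw text treats only the first entry as idp.com; one that calls str.strip() instead of the XML rule would also accept the U+00A0 entry, which the collapse rule leaves untouched.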

From nobody Sun Aug  9 11:59:53 2015
Return-Path: <cantor.2@osu.edu>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49A811B2EC0 for <abfab@ietfa.amsl.com>; Sun,  9 Aug 2015 11:59:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.699
X-Spam-Level: *
X-Spam-Status: No, score=1.699 tagged_above=-999 required=5 tests=[BAYES_50=0.8, J_CHICKENPOX_26=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSQK2LMLtHNT for <abfab@ietfa.amsl.com>; Sun,  9 Aug 2015 11:59:50 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0101.outbound.protection.outlook.com [65.55.169.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 571F11B2EBD for <abfab@ietf.org>; Sun,  9 Aug 2015 11:59:50 -0700 (PDT)
Received: from BY2FFO11OLC003.protection.gbl (10.1.14.30) by BY2FFO11HUB042.protection.gbl (10.1.14.83) with Microsoft SMTP Server (TLS) id 15.1.243.9; Sun, 9 Aug 2015 18:59:48 +0000
Authentication-Results: spf=pass (sender IP is 164.107.81.214) smtp.mailfrom=osu.edu; ietf.org; dkim=none (message not signed) header.d=none;
Received-SPF: Pass (protection.outlook.com: domain of osu.edu designates 164.107.81.214 as permitted sender) receiver=protection.outlook.com; client-ip=164.107.81.214; helo=cio-krc-pf07.osuad.osu.edu;
Received: from cio-krc-pf07.osuad.osu.edu (164.107.81.214) by BY2FFO11OLC003.mail.protection.outlook.com (10.1.15.183) with Microsoft SMTP Server (TLS) id 15.1.243.9 via Frontend Transport; Sun, 9 Aug 2015 18:59:47 +0000
Received: from CIO-KRC-HT02.osuad.osu.edu (localhost [127.0.0.1]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by cio-krc-pf07.osuad.osu.edu (Postfix) with ESMTPS id CB61F500036; Sun,  9 Aug 2015 14:59:46 -0400 (EDT)
Received: from CIO-TNC-D2MBX02.osuad.osu.edu ([fe80::3960:dd86:ba2:ad26]) by CIO-KRC-HT02.osuad.osu.edu ([fe80::8554:1787:2a7:72c9%12]) with mapi id 14.03.0224.002; Sun, 9 Aug 2015 14:59:46 -0400
From: "Cantor, Scott" <cantor.2@osu.edu>
To: =?utf-8?B?QWxlamFuZHJvIFDDqXJleiBNw6luZGV6?= <alex@um.es>, "abfab@ietf.org" <abfab@ietf.org>
Thread-Topic: [abfab] Comments on draft-ietf-abfab-aaa-saml-11
Thread-Index: AQHQ0SF7of7mlEQFmE+WSlziI+4vfp4B98AAgAIRHwA=
Date: Sun, 9 Aug 2015 18:59:45 +0000
Message-ID: <0EB79B20-E2CE-451A-9139-CC581DFD28B7@osu.edu>
References: <75CEE38C-77DD-438B-BECD-6FF8ADB6826E@osu.edu> <55C5AF0A.2060000@um.es>
In-Reply-To: <55C5AF0A.2060000@um.es>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [128.146.14.120]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E538ED490789384A8C9D542B5312705B@osu.edu>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-EOPAttributedMessage: 0
X-OriginatorOrg: osu.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Aug 2015 18:59:47.9299 (UTC)
X-MS-Exchange-CrossTenant-Id: b4d138ca-1815-4a9b-a3a7-130a33b1e692
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b4d138ca-1815-4a9b-a3a7-130a33b1e692; Ip=[164.107.81.214];  Helo=[cio-krc-pf07.osuad.osu.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2FFO11HUB042
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/Ow22_f2DgzVN9mhNbEVribDlSNU>
Subject: Re: [abfab] Comments on draft-ietf-abfab-aaa-saml-11
X-List-Received-Date: Sun, 09 Aug 2015 18:59:52 -0000

From nobody Mon Aug 10 02:41:53 2015
Return-Path: <leifj@mnt.se>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BB4B1B33D2 for <abfab@ietfa.amsl.com>; Mon, 10 Aug 2015 02:41:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dVubGFVYFkoz for <abfab@ietfa.amsl.com>; Mon, 10 Aug 2015 02:41:40 -0700 (PDT)
Received: from mail-la0-f52.google.com (mail-la0-f52.google.com [209.85.215.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2A9F1B33D1 for <abfab@ietf.org>; Mon, 10 Aug 2015 02:41:39 -0700 (PDT)
Received: by labd1 with SMTP id d1so36914094lab.1 for <abfab@ietf.org>; Mon, 10 Aug 2015 02:41:38 -0700 (PDT)
X-Received: by 10.112.148.162 with SMTP id tt2mr3207308lbb.121.1439199698491;  Mon, 10 Aug 2015 02:41:38 -0700 (PDT)
Received: from [109.105.104.198] (dhcp64.se-tug.nordu.net. [109.105.104.198]) by smtp.googlemail.com with ESMTPSA id oq2sm4102588lbb.34.2015.08.10.02.41.37 for <abfab@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Aug 2015 02:41:37 -0700 (PDT)
Message-ID: <55C871D0.8010405@mnt.se>
Date: Mon, 10 Aug 2015 11:41:36 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: abfab@ietf.org
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/o5R5hUHxtaogu45zoNXVIvr1xV8>
Subject: [abfab] SSTC review of draft-ietf-abfab-aaa-saml-11
X-List-Received-Date: Mon, 10 Aug 2015 09:41:45 -0000

FYI - I've just sent a note to OASIS SSTC asking for review of
draft-ietf-abfab-aaa-saml-11


From nobody Mon Aug 10 07:38:08 2015
Return-Path: <hartmans@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7A981B362C for <abfab@ietfa.amsl.com>; Mon, 10 Aug 2015 07:38:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ENndt7iP_sai for <abfab@ietfa.amsl.com>; Mon, 10 Aug 2015 07:38:05 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 462EC1B3637 for <abfab@ietf.org>; Mon, 10 Aug 2015 07:38:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 0187D2078D; Mon, 10 Aug 2015 10:36:51 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8hToruRdwTnj; Mon, 10 Aug 2015 10:36:51 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (c-50-136-30-120.hsd1.ma.comcast.net [50.136.30.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 10 Aug 2015 10:36:51 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id E75E280910; Mon, 10 Aug 2015 10:38:02 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: "Cantor\, Scott" <cantor.2@osu.edu>
References: <75CEE38C-77DD-438B-BECD-6FF8ADB6826E@osu.edu> <55C5AF0A.2060000@um.es> <0EB79B20-E2CE-451A-9139-CC581DFD28B7@osu.edu>
Date: Mon, 10 Aug 2015 10:38:02 -0400
In-Reply-To: <0EB79B20-E2CE-451A-9139-CC581DFD28B7@osu.edu> (Scott Cantor's message of "Sun, 9 Aug 2015 18:59:45 +0000")
Message-ID: <tslk2t35hv9.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/TyfN23g8k3m7kD4HnPUmFC_QR8I>
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] Comments on draft-ietf-abfab-aaa-saml-11
X-List-Received-Date: Mon, 10 Aug 2015 14:38:07 -0000

>>>>> "Cantor," == Cantor, Scott <cantor.2@osu.edu> writes:

    Cantor,> It may be that the right value here is just
    Cantor,> "urn:oasis:names:tc:SAML:2.0:protocol", which is the one
    Cantor,> that's called out by default in the metadata spec for SAML
    Cantor,> 2.0 entities.

    Cantor,> Since these roles were, I thought, more intended to
    Cantor,> describe RADIUS entities, that didn't seem entirely
    Cantor,> appropriate, but OTOH if these are RADIUS entities able to
    Cantor,> communicate SAML 2.0 messages, I don't know that it isn't
    Cantor,> appropriate either.

These are in fact RADIUS entities that can communicate using SAML 2.0
using the binding defined in this document.
Currently, that is the only use for these roles.

--Sam


From nobody Mon Aug 10 08:31:17 2015
Return-Path: <cantor.2@osu.edu>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C7BB1B36E9 for <abfab@ietfa.amsl.com>; Mon, 10 Aug 2015 08:31:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.002
X-Spam-Level: 
X-Spam-Status: No, score=-0.002 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZPDjx-aa905j for <abfab@ietfa.amsl.com>; Mon, 10 Aug 2015 08:31:13 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0106.outbound.protection.outlook.com [207.46.100.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 164421B36E8 for <abfab@ietf.org>; Mon, 10 Aug 2015 08:31:12 -0700 (PDT)
Received: from BN1BFFO11FD025.protection.gbl (10.58.144.31) by BN1BFFO11HUB051.protection.gbl (10.58.144.198) with Microsoft SMTP Server (TLS) id 15.1.243.9; Mon, 10 Aug 2015 15:31:11 +0000
Authentication-Results: spf=pass (sender IP is 164.107.81.210) smtp.mailfrom=osu.edu; ietf.org; dkim=none (message not signed) header.d=none;
Received-SPF: Pass (protection.outlook.com: domain of osu.edu designates 164.107.81.210 as permitted sender) receiver=protection.outlook.com; client-ip=164.107.81.210; helo=cio-krc-pf03.osuad.osu.edu;
Received: from cio-krc-pf03.osuad.osu.edu (164.107.81.210) by BN1BFFO11FD025.mail.protection.outlook.com (10.58.144.88) with Microsoft SMTP Server (TLS) id 15.1.243.9 via Frontend Transport; Mon, 10 Aug 2015 15:31:12 +0000
Received: from CIO-TNC-HT05.osuad.osu.edu (localhost [127.0.0.1]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by cio-krc-pf03.osuad.osu.edu (Postfix) with ESMTPS id E724820134; Mon, 10 Aug 2015 11:31:10 -0400 (EDT)
Received: from CIO-TNC-D2MBX02.osuad.osu.edu ([fe80::3960:dd86:ba2:ad26]) by CIO-TNC-HT05.osuad.osu.edu ([fe80::d0be:603:484c:5a2f%10]) with mapi id 14.03.0224.002; Mon, 10 Aug 2015 11:31:09 -0400
From: "Cantor, Scott" <cantor.2@osu.edu>
To: Sam Hartman <hartmans@painless-security.com>
Thread-Topic: [abfab] Comments on draft-ietf-abfab-aaa-saml-11
Thread-Index: AQHQ03ooof7mlEQFmE+WSlziI+4vfp4FXDMA
Date: Mon, 10 Aug 2015 15:31:08 +0000
Message-ID: <2700B470-ED12-4E67-B1BF-130D2BD9C318@osu.edu>
References: <75CEE38C-77DD-438B-BECD-6FF8ADB6826E@osu.edu> <55C5AF0A.2060000@um.es> <0EB79B20-E2CE-451A-9139-CC581DFD28B7@osu.edu> <tslk2t35hv9.fsf@mit.edu>
In-Reply-To: <tslk2t35hv9.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [128.146.94.90]
Content-Type: text/plain; charset="utf-8"
Content-ID: <2A84A6CFDDED074EBC08953D975496BF@osu.edu>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-EOPAttributedMessage: 0
X-OriginatorOrg: osu.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Aug 2015 15:31:12.0563 (UTC)
X-MS-Exchange-CrossTenant-Id: b4d138ca-1815-4a9b-a3a7-130a33b1e692
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b4d138ca-1815-4a9b-a3a7-130a33b1e692; Ip=[164.107.81.210];  Helo=[cio-krc-pf03.osuad.osu.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1BFFO11HUB051
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/xyDg95akFfieeD_FWsRInvHSuMI>
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] Comments on draft-ietf-abfab-aaa-saml-11
X-List-Received-Date: Mon, 10 Aug 2015 15:31:15 -0000

On 8/10/15, 10:38 AM, "Sam Hartman" <hartmans@painless-security.com> wrote:
>
>These are in fact RADIUS entities that can communicate using SAML 2.0
>using the binding defined in this document.
>Currently, that is the only use for these roles.

Ok. Then I would say staying silent on it is fine after all.

-- Scott


From nobody Tue Aug 11 08:43:24 2015
Return-Path: <hartmans@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 829B11A0174 for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 08:43:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YG_MIXALRalh for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 08:43:22 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED9E01A92EE for <abfab@ietf.org>; Tue, 11 Aug 2015 08:39:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 855722078F; Tue, 11 Aug 2015 11:38:37 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NLFfIZ7CF-j5; Tue, 11 Aug 2015 11:38:37 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (unknown [10.1.10.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Tue, 11 Aug 2015 11:38:37 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 677B780910; Tue, 11 Aug 2015 11:39:51 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: Leif Johansson <leifj@mnt.se>
References: <55C871D0.8010405@mnt.se>
Date: Tue, 11 Aug 2015 11:39:51 -0400
In-Reply-To: <55C871D0.8010405@mnt.se> (Leif Johansson's message of "Mon, 10 Aug 2015 11:41:36 +0200")
Message-ID: <tslzj1x3kc8.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/pW9xw29zOAmzdQLsvaUj5jbyekg>
Cc: abfab@ietf.org
Subject: Re: [abfab] SSTC review of draft-ietf-abfab-aaa-saml-11
X-List-Received-Date: Tue, 11 Aug 2015 15:43:23 -0000

Do we want to start a WGLC at the same time?


From nobody Tue Aug 11 09:58:25 2015
Return-Path: <leifj@mnt.se>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F4941ACDAE for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 09:58:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YE7sibl3jXir for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 09:58:22 -0700 (PDT)
Received: from mail-lb0-f171.google.com (mail-lb0-f171.google.com [209.85.217.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0B421ACDA9 for <abfab@ietf.org>; Tue, 11 Aug 2015 09:58:21 -0700 (PDT)
Received: by lbbsx3 with SMTP id sx3so33435995lbb.0 for <abfab@ietf.org>; Tue, 11 Aug 2015 09:58:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=LP2/nOydxzrH7TSV2jDtJ/KrC+AS0X2Ax4H/cl7GsxA=; b=KxAzJEkDNxU1oMFb5vRJ0QLyL1RD+wuyQvdTALDmttYUg+/AzaKvJImLEABojGgwY9 5lPAK8oMofvyq5lZy+hccigSKRJdgLudGhmkbK4Wwdf5jyL5FXOrhskfLc1LpxPZxchG iGEAFzPIDSfrQqEV6RORsWglHxD/BIHWNkirVIyWjCxlydsULsJeTpdcrjTohQBP2M6P dB3IjD0qvqHl7q/ulwrHBfJx6RR7nyyQBXTPlEfgOw1pNJqP7azRuZtAb+5kFM41Xmnx c2XU46L0GZwVeCDmDzS26T/rUyY5iipckfRQhOz+688bsvR6Nl4/I+6d2wW6peVUYoT0 D/TA==
X-Gm-Message-State: ALoCoQmz/aOnoe36NJTZ3UPbMKtc4YssLpWB3HaUUYeJZb9E+yt2eDq5CDGlcDTgaNgsFsdFg/P7
X-Received: by 10.112.185.66 with SMTP id fa2mr27561450lbc.42.1439312300180; Tue, 11 Aug 2015 09:58:20 -0700 (PDT)
Received: from [2.65.182.62] (2.65.182.62.mobile.tre.se. [2.65.182.62]) by smtp.gmail.com with ESMTPSA id wc1sm581916lbb.44.2015.08.11.09.58.18 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 11 Aug 2015 09:58:19 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Leif Johansson <leifj@mnt.se>
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <tslzj1x3kc8.fsf@mit.edu>
Date: Tue, 11 Aug 2015 18:58:17 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <3FC21C98-D128-4E9C-AACC-18416B30E01E@mnt.se>
References: <55C871D0.8010405@mnt.se> <tslzj1x3kc8.fsf@mit.edu>
To: Sam Hartman <hartmans@painless-security.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/vV2Uh36Jhrbbx1KvNVFyPtxn24g>
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] SSTC review of draft-ietf-abfab-aaa-saml-11
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 16:58:23 -0000

> On 11 Aug 2015, at 17:39, Sam Hartman <hartmans@painless-security.com> wrote:
> 
> Do we want to start a WGLC at the same time?

I'm inclined to give the SSTC a couple of weeks to respond first - they
operate on a 4 week call schedule after all. I don't want to drag this
out but we should at least give them a chance to read the thing before
we light the fuse.


From nobody Tue Aug 11 10:28:34 2015
Return-Path: <hartmans@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A30AF1ACE03 for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 10:28:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6p4pDpjRiyr for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 10:28:31 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C87F1ACDFF for <abfab@ietf.org>; Tue, 11 Aug 2015 10:28:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 27A3120795; Tue, 11 Aug 2015 13:27:16 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EwUYp4XjRgi8; Tue, 11 Aug 2015 13:27:15 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (c-50-136-30-120.hsd1.ma.comcast.net [50.136.30.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Tue, 11 Aug 2015 13:27:15 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 26A7680910; Tue, 11 Aug 2015 13:28:30 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: Leif Johansson <leifj@mnt.se>
References: <55C871D0.8010405@mnt.se> <tslzj1x3kc8.fsf@mit.edu> <3FC21C98-D128-4E9C-AACC-18416B30E01E@mnt.se>
Date: Tue, 11 Aug 2015 13:28:30 -0400
In-Reply-To: <3FC21C98-D128-4E9C-AACC-18416B30E01E@mnt.se> (Leif Johansson's message of "Tue, 11 Aug 2015 18:58:17 +0200")
Message-ID: <tsl37zp3fb5.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/1H62NmIwftxlzOxEUbuS3OPahZQ>
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] SSTC review of draft-ietf-abfab-aaa-saml-11
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 17:28:32 -0000

>>>>> "Leif" == Leif Johansson <leifj@mnt.se> writes:

    >> On 11 Aug 2015, at 17:39, Sam Hartman
    >> <hartmans@painless-security.com> wrote:
    >> 
    >> Do we want to start a WGLC at the same time?

    Leif> I'm inclined to give the SSTC a couple of weeks to respond
    Leif> first - they operate on a 4 week call schedule after all. I
    Leif> don't want to drag this out but we should at least give them a
    Leif> chance to read the thing before we light the fuse.

I don't see why the WG review and SSTC review cannot happen in parallel.
We send to the IESG after successful WGLC plus successful SSTC review.


From nobody Tue Aug 11 12:08:17 2015
Return-Path: <leifj@mnt.se>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 010B81AD160 for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 12:08:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QUJkcBYQN5Sh for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 12:08:14 -0700 (PDT)
Received: from mail-lb0-f179.google.com (mail-lb0-f179.google.com [209.85.217.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A314D1A8861 for <abfab@ietf.org>; Tue, 11 Aug 2015 12:08:13 -0700 (PDT)
Received: by lbbpu9 with SMTP id pu9so91671373lbb.3 for <abfab@ietf.org>; Tue, 11 Aug 2015 12:08:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=Y3SLB0W8bAPyb64a7ZHoiSeCIqKQI9Pq/l7S10ZgJ9A=; b=lAAl8zkoUdYGjeycAKxh4a0RkFBkSjIo5rcln08aenXY+hRpgIJhgyO9+Ldrl/7KzV 3sHsoumO6ZjXzTKdcFyAy2TrwGAoMfe5Pudv7nySH36Pzr/KK50W/Feo+nfpm7fXH9B5 MjS+hMIidy0K5T7dWEh4jlBmR6XX302/awG8dPKjbRGuIH9+Bq4mGhgPOX3097rv+KMu mFHN0VmqClwNLmx5y3VzJ+hCsYdXE6xQi7mx0onXltsFzVyIBtbIuf3Nlt8pGYvcihIQ GiXFqy9RYCxIysHWLefnVMQKCBXAXkLOahm4wFXCHdW6UrB7GcluYAx40PGnX/Nh+LfX Op6w==
X-Gm-Message-State: ALoCoQnXHkZJMKrSMU5Z6sK9enAR46nyvl86DV1RrgEE69pwTlpy6lYmfs5FF5Im2AItOtWBqQHn
X-Received: by 10.152.20.228 with SMTP id q4mr9761446lae.74.1439320092101; Tue, 11 Aug 2015 12:08:12 -0700 (PDT)
Received: from [10.0.0.140] (tb62-102-145-131.cust.teknikbyran.com. [62.102.145.131]) by smtp.gmail.com with ESMTPSA id ld2sm649913lac.49.2015.08.11.12.08.11 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 11 Aug 2015 12:08:11 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Leif Johansson <leifj@mnt.se>
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <tsl37zp3fb5.fsf@mit.edu>
Date: Tue, 11 Aug 2015 21:08:10 +0200
Content-Transfer-Encoding: 7bit
Message-Id: <39B87321-5D39-4CFD-A51E-1EC7A7690D23@mnt.se>
References: <55C871D0.8010405@mnt.se> <tslzj1x3kc8.fsf@mit.edu> <3FC21C98-D128-4E9C-AACC-18416B30E01E@mnt.se> <tsl37zp3fb5.fsf@mit.edu>
To: Sam Hartman <hartmans@painless-security.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/m9UDdQNU5bISUmgb91LgKS_zxuY>
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] SSTC review of draft-ietf-abfab-aaa-saml-11
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 19:08:16 -0000

On 11 Aug 2015, at 19:28, Sam Hartman <hartmans@painless-security.com> wrote:

>>>>>> "Leif" == Leif Johansson <leifj@mnt.se> writes:
> 
>>> On 11 Aug 2015, at 17:39, Sam Hartman
>>> <hartmans@painless-security.com> wrote:
>>> 
>>> Do we want to start a WGLC at the same time?
> 
>    Leif> I'm inclined to give the SSTC a couple of weeks to respond
>    Leif> first - they operate on a 4 week call schedule after all. I
>    Leif> don't want to drag this out but we should at least give them a
>    Leif> chance to read the thing before we light the fuse.
> 
> I don't see why the WG review and SSTC review cannot happen in parallel.
> We send to the IESG after successful WGLC plus successful SSTC review.

you in a hurry? :-)


From nobody Tue Aug 11 14:30:41 2015
Return-Path: <alex@um.es>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A3FA1B2AEC for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 14:30:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.911
X-Spam-Level: 
X-Spam-Status: No, score=-3.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EeQO5XWI2xYj for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 14:30:38 -0700 (PDT)
Received: from xenon21.um.es (xenon21.um.es [155.54.212.161]) by ietfa.amsl.com (Postfix) with ESMTP id 9C49C1B2AE4 for <abfab@ietf.org>; Tue, 11 Aug 2015 14:30:38 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by xenon21.um.es (Postfix) with ESMTP id 80CDD413E6 for <abfab@ietf.org>; Tue, 11 Aug 2015 23:30:36 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at xenon21.um.es
Received: from xenon21.um.es ([127.0.0.1]) by localhost (xenon21.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 1zaYwHbK1rgd for <abfab@ietf.org>; Tue, 11 Aug 2015 23:30:36 +0200 (CEST)
Received: from [10.42.0.179] (84.121.18.25.dyn.user.ono.com [84.121.18.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: alex) by xenon21.um.es (Postfix) with ESMTPSA id 54F53413E5 for <abfab@ietf.org>; Tue, 11 Aug 2015 23:30:34 +0200 (CEST)
To: abfab@ietf.org
References: <55C871D0.8010405@mnt.se> <tslzj1x3kc8.fsf@mit.edu> <3FC21C98-D128-4E9C-AACC-18416B30E01E@mnt.se> <tsl37zp3fb5.fsf@mit.edu> <39B87321-5D39-4CFD-A51E-1EC7A7690D23@mnt.se>
From: =?UTF-8?Q?Alejandro_P=c3=a9rez_M=c3=a9ndez?= <alex@um.es>
Message-ID: <55CA6978.1010502@um.es>
Date: Tue, 11 Aug 2015 23:30:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <39B87321-5D39-4CFD-A51E-1EC7A7690D23@mnt.se>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/9Bi5TetCG45c5N5H1IGQFporHQs>
Subject: Re: [abfab] SSTC review of draft-ietf-abfab-aaa-saml-11
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 21:30:41 -0000

I second having the WGLC while we wait for the SSTC review, if possible.

-- Alejandro

On 11/08/15 at 21:08, Leif Johansson wrote:
>
> On 11 Aug 2015, at 19:28, Sam Hartman <hartmans@painless-security.com> wrote:
>
>>>>>>> "Leif" == Leif Johansson <leifj@mnt.se> writes:
>>>> On 11 Aug 2015, at 17:39, Sam Hartman
>>>> <hartmans@painless-security.com> wrote:
>>>>
>>>> Do we want to start a WGLC at the same time?
>>     Leif> I'm inclined to give the SSTC a couple of weeks to respond
>>     Leif> first - they operate on a 4 week call schedule after all. I
>>     Leif> don't want to drag this out but we should at least give them a
>>     Leif> chance to read the thing before we light the fuse.
>>
>> I don't see why the WG review and SSTC review cannot happen in parallel.
>> We send to the IESG after successful WGLC plus successful SSTC review.
> you in a hurry? :-)
>
> _______________________________________________
> abfab mailing list
> abfab@ietf.org
> https://www.ietf.org/mailman/listinfo/abfab


From nobody Tue Aug 11 14:34:01 2015
Return-Path: <leifj@sunet.se>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38ACB1B2AE7 for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 14:34:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.261
X-Spam-Level: 
X-Spam-Status: No, score=-0.261 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e1TNZmlvcPIy for <abfab@ietfa.amsl.com>; Tue, 11 Aug 2015 14:33:58 -0700 (PDT)
Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B9341B2AF3 for <abfab@ietf.org>; Tue, 11 Aug 2015 14:33:56 -0700 (PDT)
Received: from smtp1.sunet.se (smtp1.sunet.se [192.36.171.214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id t7BLXnZE029559 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 11 Aug 2015 23:33:49 +0200
Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.9/8.14.7) with ESMTP id t7BLXkJD021193 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 11 Aug 2015 23:33:48 +0200 (CEST)
VBR-Info: md=sunet.se; mc=all; mv=swamid.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sunet.se; s=default; t=1439328829; bh=hIFKjzusqvSmXCC81tQIcBXsMOgULrPQQnZ7fK+ywd0=; h=Date:From:To:Subject:References:In-Reply-To; b=7CcUAZufh5BHLUOm/9b0hWTHKoAL+dqoMyofcwUhezoY1ym4DVpaKPicQCWzNpVCb O47IABxez8TTx3S5G2TkMg8vYJVJ2R7qSzkMj8A7Gb5TRVoTucc62cBC95UxYtY12A Fa9yfmxNbcZ5pUJhGnZO+Q5aFHYUMu2M2hkMi/XI=
X-Footer: c3VuZXQuc2U=
Received: from [10.0.0.120] ([62.102.145.131]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.3.4 patch 1) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256 bits)); Tue, 11 Aug 2015 23:33:44 +0200
Message-ID: <55CA6A38.3070906@sunet.se>
Date: Tue, 11 Aug 2015 23:33:44 +0200
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: abfab@ietf.org, "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
References: <55C871D0.8010405@mnt.se> <tslzj1x3kc8.fsf@mit.edu> <3FC21C98-D128-4E9C-AACC-18416B30E01E@mnt.se> <tsl37zp3fb5.fsf@mit.edu> <39B87321-5D39-4CFD-A51E-1EC7A7690D23@mnt.se> <55CA6978.1010502@um.es>
In-Reply-To: <55CA6978.1010502@um.es>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-sunet-se:default, sunet-se:default, base:default, @@RPTN)
X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=59.3294; longitude=18.0686; http://maps.google.com/maps?q=59.3294,18.0686&z=6
X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default)
X-Canit-Stats-ID: 09P3xxNdK - f2e5af35a08d - 20150811
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
Received-SPF: neutral (e-mailfilter01.sunet.se: 192.36.171.210 is neither permitted nor denied by domain leifj@sunet.se) receiver=e-mailfilter01.sunet.se; client-ip=192.36.171.210; envelope-from=<leifj@sunet.se>; helo=smtp1.sunet.se; identity=mailfrom
X-Scanned-By: CanIt (www . roaringpenguin . com) on 192.36.171.201
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/7ur4aoeZMZeDZgOvweL3OCoTvEg>
Subject: Re: [abfab] SSTC review of draft-ietf-abfab-aaa-saml-11
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 21:34:00 -0000

On 2015-08-11 23:30, Alejandro Pérez Méndez wrote:
> I second having the WGLC while we wait for the SSTC review, if possible.
> 

OK I hear you guys.

Any opinion Klaas?


From nobody Wed Aug 12 09:01:30 2015
Return-Path: <hartmans@mit.edu>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41FF21A899D for <abfab@ietfa.amsl.com>; Wed, 12 Aug 2015 09:01:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level: 
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQCsQrbfX-Dh for <abfab@ietfa.amsl.com>; Wed, 12 Aug 2015 09:01:26 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 770DD1A8989 for <abfab@ietf.org>; Wed, 12 Aug 2015 09:01:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 04BFE20798 for <abfab@ietf.org>; Wed, 12 Aug 2015 12:00:09 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XdHOVw8b91g0 for <abfab@ietf.org>; Wed, 12 Aug 2015 12:00:08 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (unknown [10.1.10.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS for <abfab@ietf.org>; Wed, 12 Aug 2015 12:00:08 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id E0DFB80A45; Wed, 12 Aug 2015 12:01:24 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: abfab@ietf.org
Date: Wed, 12 Aug 2015 12:01:24 -0400
Message-ID: <tsly4hgzeaz.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/tSPKzbSwbmSYtS4uiqc-Px1xD8g>
Subject: [abfab] [Phil Lello] [saag] SSH Protocol Extensions
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2015 16:01:28 -0000

--=-=-=
Content-Type: text/plain

This is out of scope for ABFAB but probably interesting to folks here.



--=-=-=
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <saag-bounces@ietf.org>
Received: from mail.painless-security.com ([unix socket])
	 by mail.suchdamage.org (Cyrus v2.4.16-Debian-2.4.16-4) with LMTPA;
	 Wed, 12 Aug 2015 07:20:51 -0400
X-Sieve: CMU Sieve 2.4
Received: from localhost (localhost [127.0.0.1])
	by mail.painless-security.com (Postfix) with ESMTP id 6DEC320798
	for <hartmans@suchdamage.org>; Wed, 12 Aug 2015 07:20:51 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1])
	by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id GChmjLo8QgGu for <hartmans@suchdamage.org>;
	Wed, 12 Aug 2015 07:20:50 -0400 (EDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.painless-security.com (Postfix) with ESMTPS
	for <hartmans@suchdamage.org>; Wed, 12 Aug 2015 07:20:49 -0400 (EDT)
Received: from mailhub-dmz-3.mit.edu ( [18.9.21.42])
	(using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 5E.3A.01570.D5C2BC55; Wed, 12 Aug 2015 07:22:05 -0400 (EDT)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36])
	by mailhub-dmz-3.mit.edu (8.13.8/8.9.2) with ESMTP id t7CBLmdp012883;
	Wed, 12 Aug 2015 07:22:04 -0400
X-AuditID: 1209190c-f79296d000000622-41-55cb2c5ddda0
Authentication-Results: symauth.service.identifier
Received: from mail.ietf.org (mail.ietf.org [4.31.198.44])
	(using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id D6.C7.07807.B5C2BC55; Wed, 12 Aug 2015 07:22:03 -0400 (EDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1])
	by ietfa.amsl.com (Postfix) with ESMTP id 93A621A8AD4;
	Wed, 12 Aug 2015 04:22:02 -0700 (PDT)
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 79B8F1A8AED
 for <saag@ietfa.amsl.com>; Wed, 12 Aug 2015 04:22:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id WDzNsY0oKq6l for <saag@ietfa.amsl.com>;
 Wed, 12 Aug 2015 04:21:59 -0700 (PDT)
Received: from mail-la0-f47.google.com (mail-la0-f47.google.com
 [209.85.215.47])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id DD2A71A8AD4
 for <saag@ietf.org>; Wed, 12 Aug 2015 04:21:58 -0700 (PDT)
Received: by lalv9 with SMTP id v9so7254582lal.0
 for <saag@ietf.org>; Wed, 12 Aug 2015 04:21:57 -0700 (PDT)
X-Received: by 10.152.4.163 with SMTP id l3mr31891411lal.35.1439378517303;
 Wed, 12 Aug 2015 04:21:57 -0700 (PDT)
Received: by 10.25.144.193 with HTTP; Wed, 12 Aug 2015 04:21:57 -0700 (PDT)
Date: Wed, 12 Aug 2015 12:21:57 +0100
Message-ID: <CAPofZaFwCdNKzM42HJMJzLsx+VSVt07Jp+FHA7rV1g7+X7RNNQ@mail.gmail.com>
From: Phil Lello <phil@dunlop-lello.uk>
To: saag@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/oOxUBTAJzZ4sM4AyctGTnJxvSu4>
Subject: [saag] SSH Protocol Extensions
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>,
 <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
 <mailto:saag-request@ietf.org?subject=subscribe>
Errors-To: saag-bounces@ietf.org
Sender: "saag" <saag-bounces@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=====-=-="

--=====-=-=
Content-Type: multipart/alternative; boundary="======-=-="

--======-=-=
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

Hi,

I'm currently working on extensions to the SSH protocol; as I believe the
SecSH WG is effectively dormant, is this list the best place to discuss the
proposals?

Briefly, I am seeking to add support for federated/asserted identities to
SSH, for scenarios where the protocol is used as an application transport
(e.g. git, svn). This involves the client sending a desired username for
authentication, along with an authentication token from a trusted 3rd party.

In the initial implementation, this would be a SAML assertion, although I
intend to make the implementation generic enough to support other
mechanisms. Trust relationships for valid IdPs would be handled according
to local policy.

A related extension will be a formal websocket binding for SSH, and I
expect the reference implementation of this to be a patch to Gerrit (a
git-based code review tool that contains an embedded Java SSH server).

Phil Lello


--======-=-=--

--=====-=-=
Content-Type: text/plain
Content-Disposition: inline

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

--=====-=-=--

--=-=-=--

