Technical Summary
This memo describes an architecture that makes use of extensions to
the commonly used security mechanisms for both federated and non-
federated access management, including the Remote Authentication Dial
In User Service (RADIUS) and the Diameter protocol, the Generic
Security Service (GSS), the Extensible Authentication Protocol (EAP)
and the Security Assertion Markup Language (SAML). The architecture
addresses the problem of federated access management to primarily
non-web-based services, in a manner that will scale to large numbers
of identity providers, relying parties, and federations.
Working Group Summary
The WG process, although it took some time, hasn't been particularly contentious.
Instead there has been a lot of feedback from the core spec work and this
specification which has necessarily delayed the work a bit.
Document Quality
This is an informational document that describes the ABFAB architecture. The ABFAB suite
of protocols has been implemented once by the Moonshot project. AFAIK there are no
other implementations, but the night is young.
The work of Jim Schaad in particular has been excellent. His thoroughness
and dedication to quality have meant a lot for getting this document done.
Personnel
The document shepherd is Leif Johansson (WG chair).
The responsible AD is Stephen Farrell.
RFC Editor Note
(1) I-D nits notes a couple of outdated references, which is fine and
an easy fix, but also...
(2) There are some URL references of the form [1], [2] etc. that need
fixing - the XML is apparently correct but the txt file is not. The authors
and AD know how to fix it, so please just check at AUTH-48.