Application Bridging for Federated Access Beyond web (ABFAB) Credential Forwarding and Delegation
draft-paetow-abfab-credential-forward-delegate-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Stefan Paetow | ||
| Last updated | 2016-01-07 (Latest revision 2015-07-06) | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
A core use case of ABFAB-based authentication is access to remote systems. In this and other use cases it is preferable that the same identity initially used to gain access to the remote system is used for further authentication sessions from the initial system onwards. The current architecture and UI considerations require the use of secure storage local to the system for any identities from that system onwards. This document aims to explore alternate proposals for the reuse of an identity configured on the initial ABFAB-enabled client device by the use of credential forwarding or delegation in a similar fashion to those used by other GSS-API mechanisms.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)