Technical Summary
This document specifies authorization extensions to the Transport
Layer Security (TLS) Handshake Protocol. Extensions are carried in the
client and server hello messages to confirm that both parties support
the desired authorization data types. Then, if supported by both the
client and the server, authorization information is exchanged in the
supplemental data handshake message.
Working Group Summary
This document is not the product of the TLS working group but has
been reviewed there. Changes were made to address comments. The
document went through four contentious IETF last calls. Controversy
centered on RedPhone's IPR, but no technical issues were raised. The
IPR issues have been particularly heated, including a Free Software
Foundation email campaign against standards with patented technology.
The TLS working group chairs also raised procedural issues, stating
that standards track publications of this magnitude should be
developed in the working group. After some deliberation, I gauge rough
consensus within the IETF to support publication as an Experimental
RFC, but not to publish on the standards track.
Protocol Quality
This specification has been reviewed for the IESG by Tim Polk.