Federated Authentication Beyond The Web: Problem Statement and Requirements
draft-tschofenig-moonshot-ps-01
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (individual); Expired & archived |
| | Author | Hannes Tschofenig |
| | Last updated | 2010-07-26 |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| | Formats | |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Application developers and system architects commonly need authentication and authorization support in a distributed environment. At least three parties need to cooperate, namely the end host, the identity provider, and the relying party. At the end of the exchange, the identity provider asserts identity information or certain attributes to the relying party without exposing the user's long-term secret to the relying party. Although the problem sounds challenging and interesting, it is not new. In fact, various IETF groups have produced specifications to solve this problem, such as Kerberos, RADIUS, and Diameter. Outside the IETF, various Single-Sign-On solutions for HTTP-based applications have been developed as well. The reader might therefore wonder about the need for new work, given the existence of readily available solutions. This document tries to answer this question in a compact fashion. Note that the description in this document focuses on the scope of the new work being proposed as part of the "Federated Authentication Beyond The Web" BOF, rather than on what could theoretically be done.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)