IETF 82 - kitten Working Group Minutes
======================================

Location: Taipei, Taiwan (International Convention Center)
Room: 101C
Time: Tuesday, 15 November 2011, 17:10 - 18:10 Local Time
Co-Chairs: Tom Yu, Shawn Emery, Alexey Melnikov
Scribe: James Schaad
Security Area Director: Stephen Farrell

Action Items
============

Shepherd/Eliot Lear: Work with the OpenID group to elide stability concerns for references in the SASL-OpenID draft.

Hannes Tschofenig: Send to the list the design discussion points for the SASL-OAuth draft.

Sam Hartman: Start discussions on the GSS-API memory management issues on the list.

Chairs: Provide errata on RFC 2744 to specify GSS_C_AF_UNSPEC (0) to indicate no addresses for initiator/acceptor-address-type(s). Find a volunteer to update RFC 2744 to specify this change and to list the various specifications affected by it.

Leif Johansson: Update the naming-extensions draft to include text on how to enforce criticality when setting naming attributes.

Conference Session
==================

Agenda: Active Working Group Items

gssapi-extensions-iana
----------------------

Shawn Emery: Need help to rewrite the draft to use a per-programming-language registry; please see Shawn if interested.

gssapi-naming-exts
------------------

Leif Johansson: Gave a presentation on updates to the naming extensions draft. The example section on the persistent NameID will be updated. Another update will be made on how to enforce criticality when setting naming attributes.

Consensus Call: Should we update the text to state something like the following: that an error code be returned if the name attribute is unknown, and that, to enforce criticality, the caller verify that the name attribute had actually been set through the credential handle (e.g. after security context establishment)?
For: most
Against: none

sasl-openid
-----------

Eliot Lear: Gave a presentation on secdir and Gen-ART comments. Numerous secdir comments were on correcting the nomenclature used and clarifying references made to the SASL and GS2 specifications. Gen-ART comments were made on the stability of the normative references. Eliot will work with the OpenID Foundation to discuss possibly changing/ensuring the future stability of the versioning and of the URI/URL site referenced.

sasl-saml
---------

Chairs have submitted the PROTO writeup to the secretariat. Current state is "publication requested".

sasl-saml-ec
------------

Authors need guidance to include support for per-message tokens. Sam Hartman has agreed to help with this. OASIS specifications require implementation review for drafts to proceed through the standardization process. Unfortunately the implementation of the SAML-EC profile will not occur until the first quarter of calendar year 2012.

sasl-oauth
----------

Hannes Tschofenig: Gave a presentation on proposed SASL-OAuth changes. The first discussion point was to decide whether to use different formats for SASL integration: HTTP-style or native form. Hannes will take this and the other two discussion points (security mechanisms (MAC or Bearer Token, etc.) and the discovery mechanism for the authorization server) to the list.

Memory Management Issues w/GSS-API
----------------------------------

Sam Hartman: Presented issues with memory management in the GSS-API. He will present the issues and possible solutions to the list.

Errata to RFC 5801
------------------

Currently there is an issue with the value assigned to "no addresses" in channel binding information for initiator/acceptor-address-type. Currently the draft specifies this as 0 (zero); however, RFC 2744 specifies this as GSS_C_AF_NULLADDR (255). The proposed solution, by Martin Rex, is that we file an errata against RFC 2744 specifying that the address types be GSS_C_AF_UNSPEC (0) for channel bindings with no addresses. In addition, create an RFC to update RFC 2744 listing the other specifications that used GSS_C_AF_NULLADDR and should instead use GSS_C_AF_UNSPEC.

Consensus call: Those against having both an errata to update RFC 2744 and an RFC to update RFC 2744, listing those specifications that should use GSS_C_AF_UNSPEC (0): none

Open Mic
--------

None.

============
Session Over
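The interoperability problem behind this errata, as an added example written for these minutes (not code from any GSS-API implementation or from the RFCs): a GS2 initiator following RFC 5801 fills both address types with 0, an acceptor built against RFC 2744's GSS_C_AF_NULLADDR uses 255, and a mechanism that checks the two sets of bindings field by field rejects the match even though neither side carries an address. The struct and constants are re-declared locally to mirror the RFC 2744 C bindings (an assumption, so the block builds without a GSS-API library), the field-by-field comparison is a simplified stand-in for the mechanism's own check, and the application-data string is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* RFC 2744 section 3.11 values and channel-bindings layout, re-declared locally
 * (assumption: mirrors the RFC 2744 C bindings) so no GSS-API library is needed. */
#define GSS_C_AF_UNSPEC   0    /* "unspecified address type" */
#define GSS_C_AF_NULLADDR 255  /* "no address" */
typedef struct { size_t length; const void *value; } gss_buffer_desc;
typedef struct {
    uint32_t        initiator_addrtype;
    gss_buffer_desc initiator_address;
    uint32_t        acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} gss_channel_bindings_desc;

static bool buffer_equal(const gss_buffer_desc *a, const gss_buffer_desc *b) {
    return a->length == b->length &&
           (a->length == 0 || memcmp(a->value, b->value, a->length) == 0);
}

/* Simplified stand-in for the mechanism's check: every field, including the
 * address-type codes, must agree or context establishment fails. */
bool channel_bindings_match(const gss_channel_bindings_desc *a,
                            const gss_channel_bindings_desc *b) {
    return a->initiator_addrtype == b->initiator_addrtype &&
           a->acceptor_addrtype  == b->acceptor_addrtype  &&
           buffer_equal(&a->initiator_address, &b->initiator_address) &&
           buffer_equal(&a->acceptor_address,  &b->acceptor_address) &&
           buffer_equal(&a->application_data,  &b->application_data);
}

/* Bindings carrying no addresses, only application data (the GS2 case). */
gss_channel_bindings_desc no_address_bindings(uint32_t addrtype, const char *app) {
    gss_channel_bindings_desc cb;
    memset(&cb, 0, sizeof cb);            /* zero-length, NULL-valued addresses */
    cb.initiator_addrtype = addrtype;
    cb.acceptor_addrtype  = addrtype;
    cb.application_data.length = strlen(app);
    cb.application_data.value  = app;
    return cb;
}
static const char *SAMPLE_CB = "tls-unique:constructed-sample"; /* constructed value */
/* 1 if an initiator using init_type and an acceptor using acc_type agree. */
int sides_agree(uint32_t init_type, uint32_t acc_type) {
    gss_channel_bindings_desc i = no_address_bindings(init_type, SAMPLE_CB);
    gss_channel_bindings_desc a = no_address_bindings(acc_type, SAMPLE_CB);
    return channel_bindings_match(&i, &a) ? 1 : 0;
}
```

With both sides on GSS_C_AF_UNSPEC (0), as the proposed errata requires, the same bindings match again; the 0 versus 255 split is the only thing that breaks them.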