Common Authentication Technology Next Generation (kitten) --------------------------------------------------------- Charter Last Modified: 2011-03-31 Current Status: Active Working Group Chair(s): Shawn Emery Tom Yu Alexey Melnikov Security Area Director(s): Stephen Farrell Sean Turner Tim Polk Security Area Advisor: Stephen Farrell Mailing Lists: General Discussion:kitten@ietf.org To Subscribe: https://www.ietf.org/mailman/listinfo/kitten Archive: http://www.ietf.org/mail-archive/web/kitten/current/maillist.html Description of Working Group: The Generic Security Services (GSS) API and Simple Authentication and Security Layer (SASL) provide various applications with a security framework for secure network communication. The purpose of the Common Authentication Technology Next Generation (Kitten) working group (WG) is to develop extensions/improvements to the GSS-API, shepherd specific GSS-API security mechanisms, and provide guidance for any new SASL- related submissions. This working is chartered to specify the following extensions and improvements (draft-yu-kitten-api-wishlist-00) to the GSS-API: * Provide new interfaces for credential management, which include the following: initializing credentials iterating credentials exporting/importing credentials * Specify interface for asynchronous calls. * Define interfaces for better error message reporting. * Provide a more programmer friendly GSS-API for application developers. This could include reducing the number of interface parameters, for example, by eliminating parameters which are commonly used with the default values. This WG is also chartered to transition proposed SASL mechanisms as GSS-API mechanisms: * A SASL Mechanism for OpenID draft-lear-ietf-sasl-openid-00 * A SASL Mechanism for SAML draft-wierenga-ietf-sasl-saml-00 The transition from SASL to GSS-API mechanisms will allow a greater set of applications to utilize said mechanisms with SASL implementations that support the use of GSS-API mechanisms in SASL (draft-ietf-sasl- gs2). * Shepherd draft-ietf-sasl-digest-to-historic to publication. This WG should review proposals for new SASL and GSS-API mechanisms, but may take on work on such mechanisms only through a revision of this charter. The WG should also review non-mechanism proposals related to SASL and the GSS-API. However, work that adds SASL or GSS-API support in application protocols should be handled by the application's WG. Deliverables: * GSS-API: initializing credentials * GSS-API: iterating credentials * GSS-API: exporting/importing credentials * GSS-API: specification for asynchronous calls * GSS-API: interfaces/improvements for better error message reporting * GSS-API: programmer friendly interfaces * GSS-API: transition SASL mechanism for OpenID * GSS-API: transition SASL mechanism for SAML * GSS-API: publish draft-ietf-kitten-gssapi-extensions-iana * GSS-API: publish draft-ietf-kitten-gssapi-naming-exts * SASL: publish draft-melnikov-digest-to-historic Goals and Milestones: Done Submit naming-exts to the IESG as Proposed Standard Aug 2010 WGLC on gssapi-extensions-iana Aug 2010 Submit gssapi-extensions-iana to the IESG as Proposed Standard Internet-Drafts: Posted Revised I-D Title ------ ------- -------------------------------------------- Feb 2005 Apr 2009 Namespace Considerations and Registries for GSS-API Extensions May 2005 Feb 2011 GSS-API Naming Extensions Jun 2010 Apr 2011 Moving DIGEST-MD5 to Historic Aug 2010 Apr 2011 A SASL & GSS-API Mechanism for OpenID Sep 2010 Feb 2011 A SASL and GSS-API Mechanism for SAML Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC4178Standard Oct 2005 The Simple and Protected Generic Security ServiceApplication Program Interface (GSS-API) Negotiation Mechanism RFC4401Standard Feb 2006 A Pseudo-Random Function (PRF) API Extension for the Generic Security Service Application Program Interface (GSS-API) RFC4402Standard Feb 2006 A Pseudo-Random Function (PRF) for the Kerberos V Generic Security Service Application Program Interface (GSS-API) Mechanism RFC4768 I Dec 2006 Desired Enhancements to Generic Security Services Application Program Interface (GSS-API) Version 3 Naming RFC5178 PS May 2008 Generic Security Service Application Program Interface (GSS-API) Internationalization and Domain-Based Service Names and Name Type RFC5179 PS May 2008 Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism RFC5554 PS May 2009 Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings RFC5588 PS Jul 2009 Generic Security Service Application Program Interface (GSS-API) Extension for Storing Delegated Credentials RFC5587 PS Jul 2009 Extended Generic Security Service Mechanism Inquiry APIs RFC5653 PS Aug 2009 Generic Security Service API Version 2: Java Bindings Update