Hi All, I posted a new Internet-Draft yesterday on ABFAB Multihop Federations.
I had to submit the draft via e-mail because of a problem using the ID submission tool, and it doesn't seem to have been posted to the Internet-Drafts archive yet. I have posted it on the Project Moonshot site, though, and it can be found here: http://www.project-moonshot.org/sites/default/files/draft-mrw-abfab-multihop-fed-00.txt The abstract for this draft is: Abstract This document describes a mechanism for establishing trust across a multihop federation within the Application Bridging for Federation Beyond the Wed (ABFAB) framework. This document introduces a new ABFAB entity, the Trust Router. Trust Routers exchange information about the availability of Trust Paths across a multiphop federation. They can be queried by a Relying Party to obtain the best Trust Path to reach a RADIUS or RADSEC server in a given realm. They also provide temporary identities that can be used by a Relying Party to traverse a Trust Path. This document is currently limited to discussing a proposed mechanism to achieve a multihop federation in the ABFAB framework. Later versions of this document (or companion documents) will describe the protocols and algorithms in more detail. The document doesn't, yet, contain a full protocol specification, just a high-level "boxes and arrows" description of how a multihop federation could work. This draft intentionally subsumes the role of the Key Negotiation Protocol (KNP) into a new ABFAB entity called a Trust Router. Hopefully this will serve as a useful starting place for further discussion. Feedback will be appreciated! Margaret
_______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
