On 06/07/11 13:22, Klaas Wierenga wrote:
> On 7/6/11 12:09 PM, Josh Howlett wrote:
>
> Josh,
>
>> This is an interesting use-case.
>>
>> What do you think is the benefit to dynamic cross-layer provisioning
>> of credentials (which I think is what you're describing) over an
>> out-of-band pre-provisioning of credentials? For example, the network
>> operator already presumably includes some credentials in the end
>> user's device for accessing the network (such as a SIM). Why not just
>> use the same credential for applications? Doesn't this bring the same
>> stakeholder benefits that you describe at the end of section 2?
>
> I don't really understand your question. I assume that the service
> provider and the IdP are in different administrative domains, so surely
> you don't want to exchange user credentials across those?
>
> The way I have read the draft is that they want to take a network
> authentication and use that to authenticate to applications, both in and
> outside the administrative domain of the operator.

Regarding this use-case, you could consider interesting the work done in DAMe and DAMe-2. Let this paper serve as a summary:

http://www.sciencedirect.com/science/article/pii/S0920548908000305

The idea behind this work was to authenticate the network access and, making use of the EAP tunnel between the end user supplicant and the home RADIUS server, to distribute a SAML authentication token which was securely stored in the end user supplicant. Once the token is available, the end user could make use of it to request SSO access to non-web applications.

Indeed, we are currently integrating this idea with the Kerberos scenario.

Best regards,
Gabi.

>
> Klaas
>
>> Josh.
>>
>> On 04/07/2011 12:47, "[email protected]" <[email protected]> wrote:
>>
>>> Hi, all
>>>
>>> A new draft is uploaded into abfab, please review it. Any comments
>>> are welcome!
>>>
>>> -------------------------------------------------------
>>> http://www.ietf.org/id/draft-wei-abfab-fcla-00.txt
>>>
>>> ABFAB                                                    Y. Wei, Ed.
>>> Internet-Draft                                       ZTE Corporation
>>> Intended status: Informational                          July 4, 2011
>>> Expires: January 5, 2012
>>>
>>>                     Federated Cross-Layer Access
>>>                       draft-wei-abfab-fcla-00
>>>
>>> Abstract
>>>
>>>    Network stratum and application stratum form a federation to
>>>    facilitate user's access. Network operator acts as Identity
>>>    Provider (IdP), and application reuses underlying network's
>>>    security capabilities to simplify application's access. This
>>>    document is to introduce such federated cross-layer access use
>>>    case.
>>>
>>> --------------------------------------------------------

-- 
----------------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: [email protected]

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
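The flow Gabi describes (network authentication through the EAP tunnel, a token handed to the supplicant by the home RADIUS server, the supplicant later presenting it for SSO to a non-web application), as an added example. This is not DAMe, DAMe-2 or abfab code and is not from the original thread; it is a toy model with these assumptions: the EAP tunnel is a direct call to the home server, a JSON object with an HMAC stands in for an XML-signed SAML assertion, the signing key is assumed to have been shared with relying applications out of band, and the names HomeAAA, Supplicant, Application, example.edu and dame-federation are made up. What it shows beyond the description is what the application side must check before honouring such a token: a trusted issuer, an audience limited to the federation, the validity window and the signature, so that a token issued at network-access time cannot be replayed to an application outside the federation it was issued for, the kind of administrative-domain boundary Klaas points at.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed shared key standing in for the IdP's XML-signature key. Assumed to
# have reached relying applications out of band (e.g. via federation metadata).
IDP_SIGNING_KEY = b"constructed-home-idp-signing-key"
TOKEN_LIFETIME = 8 * 3600  # seconds


def encode_claims(claims: dict) -> bytes:
    """Canonical serialisation so the MAC covers exactly one byte string."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign_token(claims: dict, key: bytes) -> str:
    body = encode_claims(claims)
    return body.hex() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_token(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the MAC verifies, else None."""
    try:
        body_hex, mac = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(body)


class HomeAAA:
    """Home RADIUS server acting as IdP: terminates the EAP tunnel and, on a
    successful network authentication, issues the SSO token."""

    def __init__(self, realm: str, federation: str, users: dict, key: bytes):
        self.realm, self.federation, self.users, self.key = realm, federation, users, key

    def eap_authenticate(self, identity: str, password: str, now: int) -> Optional[str]:
        user, _, realm = identity.rpartition("@")
        if realm != self.realm or self.users.get(user) != password:
            return None  # EAP-Failure: nothing is provisioned
        claims = {
            "iss": self.realm,          # who vouches for the user
            "sub": identity,
            "aud": self.federation,     # where the token may be presented
            "iat": now,
            "exp": now + TOKEN_LIFETIME,
            "authn": "network-access",  # how the user was authenticated
        }
        return sign_token(claims, self.key)


class Supplicant:
    """End-user EAP peer: stores the token received inside the tunnel and
    presents it later for application SSO."""

    def __init__(self, identity: str, password: str):
        self.identity, self.password, self.token = identity, password, None

    def connect(self, aaa: HomeAAA, now: int) -> bool:
        # The protected EAP tunnel is modelled as a direct call to the home server.
        self.token = aaa.eap_authenticate(self.identity, self.password, now)
        return self.token is not None


class Application:
    """Non-web service that accepts SSO tokens from trusted issuers only."""

    def __init__(self, federation: str, trusted_issuers: dict):
        self.federation, self.trusted = federation, trusted_issuers

    def sso_login(self, token: Optional[str], now: int) -> Optional[str]:
        """Return the authenticated identity, or None if the token is rejected."""
        if not token:
            return None
        try:  # peek at the still-unverified issuer only to pick a key
            unverified = json.loads(bytes.fromhex(token.split(".", 1)[0]))
        except ValueError:
            return None
        issuer = unverified.get("iss") if isinstance(unverified, dict) else None
        key = self.trusted.get(issuer) if isinstance(issuer, str) else None
        if key is None:
            return None
        claims = verify_token(token, key)
        if claims is None:
            return None
        if claims.get("aud") != self.federation:
            return None  # issued for a different federation: do not accept
        if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
            return None  # outside the validity window
        return claims.get("sub")


def demo(now: int = 1_700_000_000) -> dict:
    """Constructed walkthrough; returns each outcome so it can be checked."""
    aaa = HomeAAA("example.edu", "dame-federation", {"alice": "pw-alice"}, IDP_SIGNING_KEY)
    ssh_app = Application("dame-federation", {"example.edu": IDP_SIGNING_KEY})
    foreign_app = Application("other-federation", {"example.edu": IDP_SIGNING_KEY})
    alice = Supplicant("alice@example.edu", "pw-alice")
    mallory = Supplicant("mallory@example.edu", "guess")
    results = {
        "alice_network_auth": alice.connect(aaa, now),
        "mallory_network_auth": mallory.connect(aaa, now),
    }
    # Forgery attempt: re-use alice's MAC over edited claims.
    claims = verify_token(alice.token, IDP_SIGNING_KEY)
    claims["sub"] = "mallory@example.edu"
    forged = encode_claims(claims).hex() + "." + alice.token.split(".", 1)[1]
    results.update({
        "sso_in_federation": ssh_app.sso_login(alice.token, now),
        "sso_other_federation": foreign_app.sso_login(alice.token, now),
        "sso_after_expiry": ssh_app.sso_login(alice.token, now + TOKEN_LIFETIME),
        "sso_forged_subject": ssh_app.sso_login(forged, now),
        "sso_without_token": ssh_app.sso_login(mallory.token, now),
    })
    return results


if __name__ == "__main__":
    print(demo())
```

The audience claim is the piece that answers the cross-domain worry: the supplicant never reveals its network credential to the application, only a token whose scope the IdP fixed at issue time, and an application outside that scope rejects it even though the signature is valid. A real deployment would also need replay protection for the token presentation itself (a nonce or a Kerberos-style authenticator, which is where the Kerberos integration Gabi mentions would fit) and asymmetric signatures so that applications can verify without holding the IdP's secret.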
