Folks,

I've been thinking about the mandatory-to-implement signature validation issue. The more I think about it, the more I agree with Stephen and Scott that end-to-end security is important for ABFAB. It won't always be used; just as with other technologies, people will sometimes want to introduce middleboxes. However, it's important to have a way of talking to the ends.

However, I think SAML signatures are the wrong level to accomplish this. The issue is that there's a lot of important stuff in ABFAB that comes in AAA, not SAML. All the concerns about SAML can apply to the AAA elements.

I was asking myself why Moonshot doesn't worry about this. Then I realized that we do. We're going out of our way to set up end-to-end RADSEC. We get protection of the SAML, but we also get protection of the AAA attributes.

RADSEC can be used in a hop-by-hop manner. However, RADSEC is specified with a lot of thought towards enabling end-to-end uses. Multiple technologies, including the dynamic SRV-based mechanism and Moonshot's trust router, are evolving to make end-to-end RADSEC easier to deploy.

So, I think that RADSEC is a better MTI security technology for ABFAB than signature validation. I'd prefer to make RADSEC a MUST and SAML signature validation a SHOULD.

I've run this by Alan, Josh, Scott and Jim. They seemed to like the idea, so I'm presenting it here.

Note that there is a process issue with RADSEC; it's not standards-track. Let's assume for the moment that I can come up with a solution to that (I believe I have two avenues to approach): do we believe that if we can make it work, that would be the right technical approach?

--Sam
