Dear all,
We just submitted an I-D to IETF regarding the security of federated identity
management in ABFAB a few days ago. Please kindly review and feel free to give us
any comments. Thank you in advance.
Key points & Requirements Analysis
This I-D describes two use cases in ABFAB. The main idea is to differentiate
the level of assurance for authentication and to classify the authenticity of
attributes in order to improve the security and usability of federation
identity management on the ABFAB architecture.
The former is usually used for meeting the requirements of multiple terminals
accessing the network and the complexity of the network environment. Differentiating
the authentication level can make a trade-off between usability and security. The
latter is typically used to assist service providers in making authorization
decisions, that is, service providers can grant specific protected resources to
requestors according to the trustworthiness of their identity attributes without
compromising the security of resources.
Although the ABFAB architecture can support multiple authentication mechanisms and
attribute transmission, it does not give a fine-grained classification which
can better satisfy requirements in the real world.
Best wishes, Juan
Wei Juan