Identity 2.0 at IETF66
Yesterday was the WAE BOF at IETF66.
The first item was Terminology. Here were some of the references for those interested:
RFC 2828 Internet Security Glossary
http://www.ietf.org/rfc/rfc2828.txt
Internet Security Glossary, Version 2
http://www.ietf.org/internet-drafts/draft-shirey-secgloss-v2-04.txt
SAMLv2: Glossary
http://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf
“identity gang” lexicon
http://identitygang.org/Lexicon.
After much discussion, the group came up with the following two groupings:
1. Fixing HTTP Authentication to help solve phishing and to allow rich clients to easily authenticate using HTTP; tied in with this is the ability to have a cross-site identifier and SSO-like capabilities. This work was clearly of interest to the IETF security mafia in attendance.
2. Claim and Attribute Transferral so that users can have software assist them in moving around profile data and 3rd party claims about themselves. This was of interest to the rest of us there.
Although we did not get a clear charter on forming a working group, it was a useful BOF, as it helped to group the problem into a couple of chunks, so that security people understand what we are trying to do with Identity 2.0 and hopefully feel that we understand the requirement for good security.
Eric Rescorla (known to many as ekr) posted a security-oriented BOF Report here.