[ietf-enroll] WG Action: Credential and Provisioning (enroll)

Paul Hoffman / VPNC paul.hoffman at vpnc.org
Tue Nov 25 14:08:46 EST 2003


[[ This doesn't appear to have made it to the mailing list. Again, 
this caught the now-WG chairs off-guard, but we'll work on getting 
the concerns raised at the BOF meeting incorporated in a revised 
charter. More soon. ]]


From: The IESG <iesg-secretary at ietf.org>
To: IETF-Announce: ;
Cc: Eric Rescorla <ekr at rtfm.com>, Paul Hoffman <phoffman at imc.org>
Subject: WG Action: Credential and Provisioning (enroll)
Date: Mon, 24 Nov 2003 15:31:06 -0500
Sender: dinaras at cnri.reston.va.us

A new IETF working group has been formed in the Security Area.
For additional information, please contact the Area Directors or the WG Chairs.

Credential and Provisioning (enroll)
------------------------------------

Current Status: Active Working Group

Chair(s):
         Eric Rescorla <ekr at rtfm.com>
         Paul Hoffman <phoffman at imc.org>

  Security Area Director(s):
         Russell Housley <housley at vigilsec.com>
         Steven Bellovin <smb at research.att.com>

     Mailing list: ietf-enroll at mit.edu
     To Subscribe: mailman at mit.edu
     In Body or Subject: subscribe
     Archive:

Description:

  There are many cases where a service consumer needs to contact a
  service provider to get credentials that the consumer can use when
  accessing the service; part of this initial contact may involve
  the consumer and the provider mutually validating the other's identity.
  This working group will look at some of the cases where cryptography
  is used to provide authentication.

  When doing enrollment of a service consumer against a service provider,
  three pieces of information need to be provided or created in order to
  support authentication of the service consumer to the service provider
  (and vice versa) and to allow for additional security services to be
  provided for any information exchanged. These pieces of data are:

        1. An identifier, within a namespace controlled by the service
           provider, for the service consumer.
        2. Keying information to be used for identity confirmation.
        3. A set of service consumer permissions. These permissions
           describe to the provider the services that the consumer
           wants to access, and they describe to the consumer what
           services offered by the provider will be accessible.

  Each of these data items could be created by either the consumer or
  provider at any point during the enrollment process.

  This group will create a model to be used in describing enrollment
  procedures and create a framework document describing how this is to be done.
  The group will then produce three documents profiling the use of the
  framework for the following types of keying material:

        1. A shared secret key.
        2. A bare asymmetric key.
        3. A bound asymmetric key (such as an X.509 certificate).

  As part of the validation of the framework, the group will examine how
  other real world enrollment procedures could be profiled. For example,
  credit card information might be part of the input to the enrollment
  process.

  Goals and Milestones:

  Nov 2003 First draft of model
  Feb 2004 Last call on model document
  Feb 2004 First draft of Framework document
  Jun 2004 Last call on module document
  May 2004 First draft of secret key profile
  May 2004 First draft of bare asymmetric key profile
  May 2004 First draft of bound asymmetric key profile
  Oct 2004 Last call on secret key profile
  Oct 2004 Last call on bare asymmetric key profile
  Oct 2004 Last call on bound asymmetric key profile
