Web Authentication Enhancement BOF (WAE)
Chair: Pete Resnick
IETF 66
Agenda (1)
• Scribes, blue sheets, agenda bash - 2 min.
• Getting terms straight - 10 min.
• Problems we are trying to solve - 55 min.
– Discuss what sort of authentication/identification from user to server is desired
• Anti-phishing discussion here
– Discuss what sort of attribute info from user to server is desired
– Discuss whether remote storage of attributes is desired
– Discuss whether 3rd-party claims are desired
Agenda (2)
• Mechanisms to use? - 55 min.
– Discuss downsides of using current web auth mechanisms (i.e., user-agent changes)
– Discuss downsides of using mechanisms that include no user-agent changes
– Discuss authentication mechanism in light of above discussions
• What work items do we have? - 28 min.
– Enumerate work items
– Enumerate documents (if different from above)
– Enumerate editors
• End
Terminology
• Reading assignment: RFC 2828
• Authentication
• Authorization
• Credential
• Attribute
• Assertion
• Others?
Problems we want to solve
• Capture-Resistant Credentials (CRC)
• Hijack-Resistant Authentication (HRA)
• Portable Credentials (PC)
• Fill-in of Personal Information (FPI)
• Common User Credentials (CUC)
• Continuity of Identity (CI)
• User-Friendly Names (UFN)
• Assertion of External Claims (AEC)
• Independent Assertion of Claims (IAC)
• Private Authentication (PA)
• Single Site Unlinkability (SSU)
• Multiple Site Unlinkability (MSU)
• Attack Resistant Credentials (ARC)
Mechanisms/Architectures
• Bare Cryptographic Identifier (CRC, HRA, CUC, CI, PA)
• Identity Certificates (above + UFN)
• Signature + Key Server (PC + whatever)
• Attribute Certificates (CRC, HRA, FPI (some), PC (w/ key server), CUC, CI, UFN, AEC, IAC, PA)
• Identity Provider (PC, CUC, CI, UFN, maybe PA)
– w/ assertions (FPI, AEC, IAC)
– w/ authentication (CRC, HRA)