• Home
• About the IETF
• Mission
• Standards Process
• Note Well
• NomCom
• Info for Newcomers
• Internet-Drafts
• Search
• Submit
• Tracker
• RFC Pages
• Search RFC Ed Index
• RFC Editor Queue
• Working Groups
• WG Charters
• Email Lists
• WG Chairs' Page
• Web Tools
• Community Tools
• Wikis
• Meetings
• Upcoming Meetings
• Past Meetings
• Important Dates
• Proceedings
• Mailing Lists
• Announcement Lists
• Discussion Lists
• Non-WG Lists
• IESG
• Announcements
• Statements
• Members
• Minutes
• IPR
• IPR Policy
• File a Disclosure
• Disclosure Search
• Liaisons
• Liaison Statements
• Liaison Managers
• Contact
• Legal Matters
• Report Web Site Errors
• Customize View
  
• Brief
• Normal
• Extended
• Advanced
• (Requires Javascript)

Common Authentication Technology Next Generation (kitten)

Last Modified: 2010-07-23

Additional information is available at tools.ietf.org/wg/kitten

Chair(s):

• Shawn Emery <shawn.emery@oracle.com>
  
• Tom Yu <tlyu@mit.edu>
  

Security Area Director(s):

• Sean Turner <turners@ieca.com>
  
• Tim Polk <tim.polk@nist.gov>
  

Security Area Advisor:

• Tim Polk <tim.polk@nist.gov>
  

Mailing Lists:

General Discussion: kitten@ietf.org
To Subscribe: https://www.ietf.org/mailman/listinfo/kitten
Archive: http://www.ietf.org/mail-archive/web/kitten/current/maillist.html

Description of Working Group:

The Generic Security Services (GSS) API and Simple Authentication and
Security Layer (SASL) provide various applications with a security
framework for secure network communication.  The purpose of the Common
Authentication Technology Next Generation (Kitten) working group (WG) is
to develop extensions/improvements to the GSS-API, shepherd specific
GSS-API security mechanisms, and provide guidance for any new SASL-
related submissions.

This working is chartered to specify the following extensions and
improvements (draft-yu-kitten-api-wishlist-00) to the GSS-API:

* Provide new interfaces for credential management, which include the
following:
  initializing credentials
  iterating credentials
  exporting/importing credentials

* Specify interface for asynchronous calls.

* Define interfaces for better error message reporting.

* Provide a more programmer friendly GSS-API for application developers.
This could include reducing the number of interface parameters, for
example, by eliminating parameters which are commonly used with the
default values.

This WG is also chartered to transition proposed SASL mechanisms as
GSS-API mechanisms:

* A SASL Mechanism for OpenID
  draft-lear-ietf-sasl-openid-00
* A SASL Mechanism for SAML
  draft-wierenga-ietf-sasl-saml-00

The transition from SASL to GSS-API mechanisms will allow a greater set
of applications to utilize said mechanisms with SASL implementations
that support the use of GSS-API mechanisms in SASL (draft-ietf-sasl-
gs2).

* Shepherd draft-ietf-sasl-digest-to-historic to publication.

This WG should review proposals for new SASL and GSS-API mechanisms, but
may take on work on such mechanisms only through a revision of this
charter.  The WG should also review non-mechanism proposals related to
SASL and the GSS-API. However, work that adds SASL or GSS-API support in
application protocols should be handled by the application's WG.

Deliverables:

* GSS-API: initializing credentials

* GSS-API: iterating credentials

* GSS-API: exporting/importing credentials

* GSS-API: specification for asynchronous calls

* GSS-API: interfaces/improvements for better error message reporting

* GSS-API: programmer friendly interfaces

* GSS-API: transition SASL mechanism for OpenID

* GSS-API: transition SASL mechanism for SAML

* GSS-API: publish draft-ietf-kitten-gssapi-extensions-iana

* GSS-API: publish draft-ietf-kitten-gssapi-naming-exts

* SASL: publish draft-melnikov-digest-to-historic

Goals and Milestones:

Done		Submit naming-exts to the IESG as Proposed Standard
Aug 2010		WGLC on gssapi-extensions-iana
Aug 2010		Submit gssapi-extensions-iana to the IESG as Proposed Standard

Internet-Drafts:

Namespace Considerations and Registries for GSS-API Extensions (22430 bytes)
GSS-API Naming Extensions (27268 bytes)
Moving DIGEST-MD5 to Historic (13025 bytes)
A SASL & GSS-API Mechanism for OpenID (36738 bytes)

Request For Comments:

The Simple and Protected Generic Security ServiceApplication Program Interface (GSS-API) Negotiation Mechanism (RFC 4178) (46485 bytes) obsoletes RFC 2478
A Pseudo-Random Function (PRF) API Extension for the Generic Security Service Application Program Interface (GSS-API) (RFC 4401) (15272 bytes)
A Pseudo-Random Function (PRF) for the Kerberos V Generic Security Service Application Program Interface (GSS-API) Mechanism (RFC 4402) (9549 bytes)
Desired Enhancements to Generic Security Services Application Program Interface (GSS-API) Version 3 Naming (RFC 4768) (27205 bytes)
Generic Security Service Application Program Interface (GSS-API) Internationalization and Domain-Based Service Names and Name Type (RFC 5178) (17262 bytes)
Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism (RFC 5179) (8017 bytes)
Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings (RFC 5554) (8173 bytes) updates RFC 2473
Generic Security Service Application Program Interface (GSS-API) Extension for Storing Delegated Credentials (RFC 5588) (12434 bytes)
Extended Generic Security Service Mechanism Inquiry APIs (RFC 5587) (32002 bytes)
Generic Security Service API Version 2: Java Bindings Update (RFC 5653) (209903 bytes) obsoletes RFC 2853

Home - Tools - Datatracker - IASA - IAB - RFC Editor - IANA - IRTF - IETF Trust - ISOC - Contact Us
Secretariat services provided by Association Management Solutions, LLC (AMS).
Please send problem reports to: ietf-action@ietf.org.