[Dime] Comments about Webauth application

[Niklas Neumann <niklas.neumann at cs.uni-goettingen.de>]

Hello everybody,

I would like to address the comments we received during the last IETF 
meeting regarding the Diameter Webauth application. If you have missed 
the presentation, the slides are available here: 
http://www.ietf.org/proceedings/75/slides/dime-8.pdf


* Diameter SIP application also includes HTTP digest authentication:
This is true and WebAuth is actually reusing the AVP specifications made 
in RFC 4740. I do not suppose the suggestion is that people should just 
implement 4740 if they just want to use HTTP authentication over 
Diameter so I do not see any problems with that.

* Corresponding RADIUS specification (RFC 5090) is not adopted due to 
latency issues:
I cannot really comment if anybody uses RFC 5090 or not. However, RFC 
5090 obsoletes RFC 4590 so there must have been at least some interest 
to put work into another revision of the original RFC.
Regarding the latency I see how this might be an issue if you do the 
Diameter authentication for every HTTP request. However, I think it is 
more realistic that HTTP servers will cache Diameter responses or even 
open some sort of session context which will only be initially 
authenticated.


I really appreciate any of your comments. I think that web environments 
can benefit from authentication and authorization standards to make life 
easier for site administrators and to benefit from existing Diameter 
deployments. If there is anything that would make the draft more 
adoptable please let us know.


Best regards
  Niklas

--
Niklas Neumann - University of Goettingen, Institute of Computer Science
http://user.informatik.uni-goettingen.de/~nneuman1/
Tel: +49 551 39-172053