Re: [TLS] TLS WG Chair Comments on draft-ietf-tls-authz-07



On 2/12/09 4:47 PM, "Josh Howlett" <Josh.Howlett at ja.net> wrote:
> I have a long list of applications, collected from within this
> community, with which they would like to use SAML-based authorisation;
> and it seems to me that the ability for application protocols to share a
> common mechanism for expressing authorisation would mitigate or perhaps
> even avoid the need to make application-specific authorisation
> extensions.

Right, and to be more specific about it, the kinds of
things that we're talking about include reducing retained
state on devices during the authorization process by
eliminating queries, reducing the problems around service
discovery and topology, and I tend to think that there
are some cross-domain advantages, as well.  There are
fate-sharing considerations, where the authorizations
aren't held by devices that don't need them, they're not
delivered if the traffic isn't delivered, and if the
traffic is delivered the authorizations are delivered.
So, I think that in addition to some issues specific
to authorization problems there are some advantages
around traditional networking considerations.

Melinda


Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
