Re: [Isms] pre11 comments
Jeffrey Hutzelman writes...
> In this way, the difference between an SSH user and a TLS user
> becomes very clear in VACM, and the mapping from SSH username to
> securityName and back is well defined.
>
> Comments?
That may be useful for deployments where there are distinct namespaces for
SSH, TLS, Kerberos, Telnet, Unix login, and what-have-you. I'm sure there
are such deployments. On the other hand, another way to address the issue
of divergent namespaces is to use a single AAA service (or at least a single
back-end user database) for all authentication purposes within an
organization. The ability to use existing AAA infrastructures (with a
common user namespace) was one of the primary goals of the ISMS work, no?
Universal single sign-on is still an elusive "holy grail" but it is often
achieved within the confines of a single organization.