Authorization and Access Control (aac) -------------------------------------- Charter Last Modified: 1995-03-07 Current Status: Concluded Working Group Chair(s): Clifford Neuman Security Area Director(s): Jeffrey Schiller Steve Bellovin Security Area Advisor: Jeffrey Schiller Mailing Lists: General Discussion:ietf-aac@isi.edu To Subscribe: ietf-aac-request@isi.edu Archive: prospero.isi.edu:~/pub/aac/* Description of Working Group: The goal of the Authorization and Access Control Working Group is to develop guidelines and an Application Programming Interface (API) through which network accessible applications can uniformly specify access control information. This API will allow applications to make access control decisions when clients are not local users, might not be members of a common organization, and often not known to the service or application in advance. Several authentication mechanisms are in place on the Internet, but most applications are written with local applications in mind and no guidelines exist for supporting authorization and access control based on the output of such authentication mechanisms. The CAT Working Group developed the GSS-API, a common API to support authentication. The AAC Working Group will develop a common API that accepts the identity of a client (perhaps the output of the GSS-API), a reference to an object to be accessed, and optionally an indication of the operation to be performed. The API will return a list of authorized operations or a yes/no answer that can be easily used by the application. A second, longer term purpose of the working group will be to examine evolving mechanisms and architectures for authorization in distributed systems and to establish criteria which enable interworking of confidence and trust across systems. The working group will develop additional goals and milestones related to this purpose and will submit a revised charter once the appropriate goals and milestones are determined. To the extent possible this additional work will encourage evolution toward credential formats that more readily allow support for or translation across multiple mechanisms. Goals and Milestones: Done Submit charter and milestones for approval. Done Meet at the Columbus IETF to identify common characteristics of evolving distributed authorization mechanisms and begin discussion of approaches for interoperability across mechanisms. JUN 93 Post draft API as an Internet-Draft. JUN 93 Post an Internet-Draft of the guidelines for authorization and access control for network accessible applications. AUG 93 Submit the AAC guidelines document for approval as an Informational RFC. JAN 94 Submit the AAC API for consideration as an Experimental RFC. Internet-Drafts: No Current Internet-Drafts. Request For Comments: None to date.