< draft-ietf-abfab-usecases-04.txt   draft-ietf-abfab-usecases-05.txt >
ABFAB R. Smith, Ed. ABFAB R. Smith, Ed.
Internet-Draft Cardiff University Internet-Draft Cardiff University
Intended status: Informational August 15, 2012 Intended status: Informational September 25, 2012
Expires: February 16, 2013 Expires: March 29, 2013
Application Bridging for Federated Access Beyond web (ABFAB) Use Cases Application Bridging for Federated Access Beyond web (ABFAB) Use Cases
draft-ietf-abfab-usecases-04 draft-ietf-abfab-usecases-05
Abstract Abstract
Federated identity is typically associated with Web-based services at Federated identity is typically associated with Web-based services at
present, but there is growing interest in its application in non Web- present, but there is growing interest in its application in non Web-
based contexts. The goal of this document is to document a selection based contexts. The goal of this document is to document a selection
of the wide variety of these contexts whose user experience could be of the wide variety of these contexts whose user experience could be
improved through the use of technologies based on the ABFAB improved through the use of technologies based on the ABFAB
architecture and specifications. architecture and specifications.
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 16, 2013. This Internet-Draft will expire on March 29, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 11 skipping to change at page 2, line 11
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Context of Use Cases . . . . . . . . . . . . . . . . . . . . . 3 2. Context of Use Cases . . . . . . . . . . . . . . . . . . . . . 3
3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Cloud Services . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Cloud Services . . . . . . . . . . . . . . . . . . . . . . 4
3.1.1. Cloud-based Application Services . . . . . . . . . . . 4 3.1.1. Cloud-based Application Services . . . . . . . . . . . 4
3.1.2. Cloud-based Infrastructure Services . . . . . . . . . 5 3.1.2. Cloud-based Infrastructure Services . . . . . . . . . 5
3.2. High Performance Computing . . . . . . . . . . . . . . . . 6 3.2. High Performance Computing . . . . . . . . . . . . . . . . 6
3.3. Grid Infrastructure . . . . . . . . . . . . . . . . . . . 7 3.3. Grid Infrastructure . . . . . . . . . . . . . . . . . . . 7
3.4. Databases and Directories . . . . . . . . . . . . . . . . 8 3.4. Databases and Directories . . . . . . . . . . . . . . . . 8
3.5. Media Streaming . . . . . . . . . . . . . . . . . . . . . 8 3.5. Media Streaming . . . . . . . . . . . . . . . . . . . . . 8
3.6. Printing . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.6. Printing . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.7. Accessing Applications from Devices on a Telecoms 3.7. Accessing Applications from Devices on a Telecoms
Infrastructure . . . . . . . . . . . . . . . . . . . . . . 9 Infrastructure . . . . . . . . . . . . . . . . . . . . . . 9
3.8. Enhanced Security Services for S/MIME . . . . . . . . . . 10 3.8. Enhanced Security Services for S/MIME . . . . . . . . . . 10
skipping to change at page 3, line 34 skipping to change at page 3, line 34
describing how technologies based on the the ABFAB architecture describing how technologies based on the the ABFAB architecture
[I-D.lear-abfab-arch] and specifications could be used. [I-D.lear-abfab-arch] and specifications could be used.
2. Context of Use Cases 2. Context of Use Cases
The use cases described in this document are a result of work led by The use cases described in this document are a result of work led by
Janet, the operator of the United Kingdom's education and research Janet, the operator of the United Kingdom's education and research
network, responding to requirements from its community, and augmented network, responding to requirements from its community, and augmented
by various inputs from the IETF community. by various inputs from the IETF community.
The ABFAB architecture and specifications enables authentication and
authorization to occur across organizational boundaries. For many
applications, principals need not have pre-instantiated accounts that
their federated identity maps to before their first visit to that
application; the application can perform this process on the fly. In
cases where such accounts are required for particular applications,
the pre-provisioning process is out of scope of ABFAB technologies,
which assumes any such requirements have already been fulfilled.
Standards-based work of note that would assist with this pre-
provisioning of accounts includes the standards and specifications
produced by the IETF SCIM working group.
3. Use Cases 3. Use Cases
This section describes some of the variety of potential use cases This section describes some of the variety of potential use cases
where technologies based on the ABFAB architecture and specifications where technologies based on the ABFAB architecture and specifications
could help improve the user experience; each includes a brief could help improve the user experience; each includes a brief
description of how current technologies attempt to solve the use description of how current technologies attempt to solve the use
cases and how this could improved upon by ABFAB implementations. cases and how this could improved upon by ABFAB implementations.
3.1. Cloud Services 3.1. Cloud Services
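Review bot: the new Context paragraph has a subject-verb agreement problem in its first sentence, "The ABFAB architecture and specifications enables"; with a compound subject this should read "enable". The same slip recurs later in the paragraph, "ABFAB technologies, which assumes any such requirements", which should read "which assume". The mention of the IETF SCIM working group would benefit from an informative reference alongside the other entries in Section 8.2 so readers can locate the specifications; no SCIM reference appears in this revision. While this section is being touched, two pre-existing slips in the surrounding context could be fixed in the same pass: "the the ABFAB architecture" in the Introduction, and "how this could improved upon" in Section 3, which is missing "be". Finally, consider stating what the account created "on the fly" is derived from, since the paragraph currently leaves that unstated.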
skipping to change at page 4, line 9 skipping to change at page 4, line 21
o General infrastructure services such as computing power, network, o General infrastructure services such as computing power, network,
storage, and utility ("Infrastructure as a Service", or IaaS); storage, and utility ("Infrastructure as a Service", or IaaS);
o Software stacks or platforms such as database servers, web o Software stacks or platforms such as database servers, web
servers, application runtime environments, etc. ("Platform as a servers, application runtime environments, etc. ("Platform as a
Service", or PaaS); Service", or PaaS);
o Common application software such as email, shared storage, o Common application software such as email, shared storage,
business applications such as Customer Relationship Management business applications such as Customer Relationship Management
(CRM) or scientific applications ("Software as a Service", or (CRM) or scientific applications ("Software as a Service", or
Saas). SaaS).
The main benefits of cloud computing are that it offers on-demand
services with pay per-use removing the need for users/organizations
to build and maintain their own hardware or infrastructure, and that
it allows for the dynamic scaling of resources required for solving
specific tasks.
In many cases the provisioned cloud infrastructures and applications In many cases the provisioned cloud infrastructures and applications
need to be integrated with existing infrastructure of the need to be integrated with existing infrastructure of the
organisation, and it is of course desirable if this could be achieved organisation, and it is of course desirable if this could be achieved
in a way that allows business or scientific workflows to act across in a way that allows business or scientific workflows to act across
infrastructure both across the cloud and in the local infrastructure infrastructure both across the cloud and in the local infrastructure
in as seamless a manner as possible. in as seamless a manner as possible.
There are two main areas where federated access fits in cloud There are two main areas where federated access fits in cloud
computing: using federation to help mediate access to cloud based computing: using federation to help mediate access to cloud based
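Review bot: in the new benefits paragraph, "pay per-use" is hyphenated inconsistently and should read "pay-per-use"; a comma before "removing the need" would also help the sentence parse. The "Saas" to "SaaS" correction in the bullet list is right. Spelling is mixed within this section: "organizations" in the new paragraph but "organisation" in the paragraph that follows; pick one convention for the document.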
skipping to change at page 9, line 37 skipping to change at page 9, line 37
Where this service is currently offered it would usually be achieved Where this service is currently offered it would usually be achieved
through the use of 'open' printers (i.e. printers that allow through the use of 'open' printers (i.e. printers that allow
anonymous print requests), where printer availability is advertised anonymous print requests), where printer availability is advertised
through the use of Bonjour or other similar protocols. If the through the use of Bonjour or other similar protocols. If the
organisation requires authenticated print requests (usually for organisation requires authenticated print requests (usually for
accounting purposes), the the visitor would usually have to be given accounting purposes), the the visitor would usually have to be given
credentials that allow this, often supplemented with pay-as-you-go credentials that allow this, often supplemented with pay-as-you-go
style payment systems. style payment systems.
Adding federated authentication to IPP [RFC3229] (and other relevant Adding federated authentication to IPP [RFC2911] (and other relevant
protocols) would enable this kind of remote printing service without protocols) would enable this kind of remote printing service without
the administrative overhead of credentialing these visitors (who, of the administrative overhead of credentialing these visitors (who, of
course, may well one time visitors to the organisation). This would course, may well one time visitors to the organisation). This would
be immediately applicable to higher education, where this use case is be immediately applicable to higher education, where this use case is
increasingly important thanks to the success of federated network increasingly important thanks to the success of federated network
authentication systems such as eduroam but could also be used in authentication systems such as eduroam but could also be used in
other contexts such as commercial print kiosks, or in large, other contexts such as commercial print kiosks, or in large,
heterogeneous organizations. heterogeneous organizations.
3.7. Accessing Applications from Devices on a Telecoms Infrastructure 3.7. Accessing Applications from Devices on a Telecoms Infrastructure
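Review bot: the citation correction in the second paragraph from [RFC3229] (Delta encoding in HTTP) to [RFC2911] (IPP/1.1 Model and Semantics) is correct, as the reference entries confirm. Two pre-existing errors in the same section remain: "the the visitor" in the first paragraph, and "may well one time visitors" in the second, which should read "may well be one-time visitors". Since "Bonjour" is a product name for mDNS/DNS-SD service discovery, consider naming the underlying protocols so the text is not tied to one vendor's implementation.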
skipping to change at page 13, line 5 skipping to change at page 13, line 5
(ABFAB) Architecture", (ABFAB) Architecture",
draft-lear-abfab-arch-02 (work in draft-lear-abfab-arch-02 (work in
progress), March 2011. progress), March 2011.
8.2. Informative References 8.2. Informative References
[RFC1939] Myers, J. and M. Rose, "Post [RFC1939] Myers, J. and M. Rose, "Post
Office Protocol - Version 3", Office Protocol - Version 3",
STD 53, RFC 1939, May 1996. STD 53, RFC 1939, May 1996.
[RFC3501] Crispin, M., "INTERNET MESSAGE
ACCESS PROTOCOL - VERSION 4rev1",
RFC 3501, March 2003.
[RFC2616] Fielding, R., Gettys, J., Mogul, [RFC2616] Fielding, R., Gettys, J., Mogul,
J., Frystyk, H., Masinter, L., J., Frystyk, H., Masinter, L.,
Leach, P., and T. Berners-Lee, Leach, P., and T. Berners-Lee,
"Hypertext Transfer Protocol -- "Hypertext Transfer Protocol --
HTTP/1.1", RFC 2616, June 1999. HTTP/1.1", RFC 2616, June 1999.
[RFC5321] Klensin, J., "Simple Mail Transfer [RFC2911] Hastings, T., Herriot, R., deBry,
Protocol", RFC 5321, October 2008. R., Isaacson, S., and P. Powell,
"Internet Printing Protocol/1.1:
Model and Semantics", RFC 2911,
September 2000.
[RFC3226] Gudmundsson, O., "DNSSEC and IPv6 [RFC3226] Gudmundsson, O., "DNSSEC and IPv6
A6 aware server/resolver message A6 aware server/resolver message
size requirements", RFC 3226, size requirements", RFC 3226,
December 2001. December 2001.
[RFC3229] Mogul, J., Krishnamurthy, B., [RFC3501] Crispin, M., "INTERNET MESSAGE
Douglis, F., Feldmann, A., Goland, ACCESS PROTOCOL - VERSION 4rev1",
Y., van Hoff, A., and D. RFC 3501, March 2003.
Hellerstein, "Delta encoding in
HTTP", RFC 3229, January 2002.
[RFC3550] Schulzrinne, H., Casner, S., [RFC3550] Schulzrinne, H., Casner, S.,
Frederick, R., and V. Jacobson, Frederick, R., and V. Jacobson,
"RTP: A Transport Protocol for "RTP: A Transport Protocol for
Real-Time Applications", STD 64, Real-Time Applications", STD 64,
RFC 3550, July 2003. RFC 3550, July 2003.
[RFC4251] Ylonen, T. and C. Lonvick, "The [RFC4251] Ylonen, T. and C. Lonvick, "The
Secure Shell (SSH) Protocol Secure Shell (SSH) Protocol
Architecture", RFC 4251, Architecture", RFC 4251,
January 2006. January 2006.
[RFC5280] Cooper, D., Santesson, S., [RFC5280] Cooper, D., Santesson, S.,
Farrell, S., Boeyen, S., Housley, Farrell, S., Boeyen, S., Housley,
R., and W. Polk, "Internet X.509 R., and W. Polk, "Internet X.509
Public Key Infrastructure Public Key Infrastructure
Certificate and Certificate Certificate and Certificate
Revocation List (CRL) Profile", Revocation List (CRL) Profile",
RFC 5280, May 2008. RFC 5280, May 2008.
[RFC5321] Klensin, J., "Simple Mail Transfer
Protocol", RFC 5321, October 2008.
[OASIS.saml-profiles-2.0-os] Hughes, J., Cantor, S., Hodges, [OASIS.saml-profiles-2.0-os] Hughes, J., Cantor, S., Hodges,
J., Hirsch, F., Mishra, P., J., Hirsch, F., Mishra, P.,
Philpott, R., and E. Maler, Philpott, R., and E. Maler,
"Profiles for the OASIS Security "Profiles for the OASIS Security
Assertion Markup Language (SAML) Assertion Markup Language (SAML)
V2.0", OASIS Standard OASIS.saml- V2.0", OASIS Standard OASIS.saml-
profiles-2.0-os, March 2005. profiles-2.0-os, March 2005.
[I-D.wei-abfab-fcla] Wei, Y., "Federated Cross-Layer [I-D.wei-abfab-fcla] Wei, Y., "Federated Cross-Layer
Access", draft-wei-abfab-fcla-02 Access", draft-wei-abfab-fcla-02
(work in progress), March 2012. (work in progress), March 2012.
[I-D.freeman-plasma-requirements] Freeman, T., Schaad, J., and P. [I-D.freeman-plasma-requirements] Freeman, T., Schaad, J., and P.
Patterson, "Requirements for Patterson, "Requirements for
Message Access Control", draft- Message Access Control", draft-
freeman-plasma-requirements-02 freeman-plasma-requirements-03
(work in progress), July 2012. (work in progress), August 2012.
Author's Address Author's Address
Dr. Rhys Smith (editor) Dr. Rhys Smith (editor)
Cardiff University Cardiff University
39-41 Park Place 39-41 Park Place
Cardiff CF10 3BB Cardiff CF10 3BB
United Kingdom United Kingdom
Phone: +44 29 2087 0126 Phone: +44 29 2087 0126
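Review bot: the informative references are now in RFC-number order and the new [RFC2911] entry's author list matches the RFC, which is good. Given that this revision corrected one mis-cited RFC number in Section 3.6, the [RFC3226] entry ("DNSSEC and IPv6 A6 aware server/resolver message size requirements") looks unlikely to be what a use-cases document on federated access intends to cite; verify the citing text and the intended RFC number. Also, the [I-D.lear-abfab-arch] entry preceding Section 8.2 points at draft-lear-abfab-arch-02 of March 2011, eighteen months before this revision; check whether a newer revision of the architecture document should be cited. The [I-D.freeman-plasma-requirements] bump to -03 (August 2012) is consistent with the date of this revision.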
 End of changes. 12 change blocks. 
26 lines changed or deleted 32 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/