Common Authentication Technology (cat)
--------------------------------------
Charter
Last Modified: 24-Oct-97
Current Status: Active Working Group
Chair(s):
John Linn <jlinn@securitydynamics.com>
Security Area Director(s):
Jeffrey Schiller <jis@mit.edu>
Security Area Advisor:
Jeffrey Schiller <jis@mit.edu>
Mailing Lists:
General Discussion: cat-ietf@mit.edu
To Subscribe: cat-ietf-request@mit.edu
Archive: ftp://bitsy.mit.edu/cat-ietf/archive/
Description of Working Group:
The goal of the Common Authentication Technology (CAT) Working Group is
to provide distributed security services (including authentication,
integrity, and confidentiality) to a variety of protocol callers in a
manner which insulates those callers from the specifics of underlying
security mechanisms.

By separating security implementation tasks from the tasks of
integrating security data elements into caller protocols, those tasks
can be partitioned and performed separately by implementors with
different areas of expertise. This provides leverage for the IETF
community's security-oriented resources, and allows protocol
implementors to focus on the functions their protocols are designed to
provide rather than on characteristics of security mechanisms. CAT
seeks to encourage uniformity and modularity in security approaches,
supporting the use of common techniques and accommodating evolution of
underlying technologies.

In support of these goals, the working group pursues several
interrelated tasks. We have defined a common service interface allowing
callers to invoke security services in association-oriented
environments, with an associated token format identifying the security
mechanism being employed. A revision to this document set is currently
being finalized in response to implementation experience. The CAT
Working Group also defines underlying mechanisms to provide security
services, and supports integration of security services into caller
protocols. Related work areas include interface and mechanism
extensions under consideration for message protection in
store-and-forward environments and for authorization support.
Goals and Milestones:
Done Preliminary BOF session at IETF meeting, discussions with
TELNET and Network Printing Working Groups.
Done Distribute Generic Security Service Application Program
Interface (GSS-API) documentation through Internet-Draft
process.
Done First IETF meeting as full working group: review charter,
distribute documents, and status of related implementation,
integration, and consulting liaison activities. Schedule
follow-on tasks, including documentation plan for specific
CAT-supporting security mechanisms.
Done Update mechanism-independent Internet-Drafts in response to
issues raised, distribute additional mechanism-specific
documentation including Distributed Authentication Services
architectural description and terms/conditions for use of the
technology documented therein.
Done Second IETF meeting: Review distributed documents and status
of related activities, continue consulting liaisons. Discuss
features and characteristics of underlying mechanisms. Define
scope and schedule for follow-on work.
Done Submit service interface specification to the IESG for
consideration as a Proposed Standard.
Apr 96 Submit GSS-V2 to IESG for consideration as a Proposed Standard.
Jun 96 Plan next phase of activities, with particular attention to
scope and tasking for authorization, store and forward
protection support, and additional mechanisms.
Jun 96 Submit revised version of RFC1510 (Kerberos) to IESG for
consideration as a Draft Standard.
Done Progress Internet-Draft and RFC publication of mechanism-level
documents to support independent, interoperable implementations
of CAT-supporting mechanisms.
Internet-Drafts:
Posted Revised I-D Title <Filename>
------ ------- ------------------------------------------
Nov 94 Oct 97 <draft-ietf-cat-idup-gss-08.txt>
Independent Data Unit Protection Generic Security Service
Application Program Interface (IDUP-GSS-API)
Mar 95 Aug 97 <draft-ietf-cat-kerberos-pk-init-04.txt>
Public Key Cryptography for Initial Authentication in Kerberos
Mar 95 Mar 97 <draft-ietf-cat-gssv2-cbind-04.txt>
Generic Security Service API Version 2 : C-bindings
Mar 95 Apr 97 <draft-ietf-cat-idup-cbind-03.txt>
Independent Data Unit Protection Generic Security Service
Application Program Interface: C-bindings
Jul 95 Jul 97 <draft-ietf-cat-snego-06.txt>
The Simple and Protected GSS-API Negotiation Mechanism
Nov 95 Mar 97 <draft-ietf-cat-xgssapi-acc-cntrl-02.txt>
Extended Generic Security Service APIs: XGSS-APIs Access
control and delegation extensions
Nov 96 Aug 97 <draft-ietf-cat-kerberos-pk-cross-02.txt>
Public Key Cryptography for Cross-Realm Authentication in
Kerberos
Feb 97 New <draft-ietf-cat-pktapp-00.txt>
Public Key Utilizing Tickets for Application Servers (PKTAPP)
Mar 97 New <draft-ietf-cat-kerb-chg-password-00.txt>
Kerberos Change Password Protocol
Mar 97 New <draft-ietf-cat-kerberos-err-msg-00.txt>
Integrity Protection for the Kerberos Error Message
Jul 97 New <draft-ietf-cat-kerberos-revisions-00.txt>
The Kerberos Network Authentication Service (V5)
Jul 97 New <draft-ietf-cat-ftpdsaauth-00.txt>
FTP Authentication Using DSA
Jul 97 New <draft-ietf-cat-ftpkeasj-00.txt>
Encryption using KEA and SKIPJACK
Sep 97 New <draft-ietf-cat-kerberos-anoncred-00.txt>
Anonymous Credentials in Kerberos
Sep 97 New <draft-ietf-cat-rfc2078bis-00.txt>
Generic Security Service Application Program Interface, Version
2
Oct 97 New <draft-ietf-cat-user2user-00.txt>
User to User Kerberos Authentication using GSS-API Preliminary
Draft
Oct 97 New <draft-ietf-cat-krb5-ipv6-00.txt>
Kerberos over IPv6
Request For Comments:
RFC Stat Published Title
------- -- ---------- -----------------------------------------
RFC1509 PS Sep 93 Generic Security Service API : C-bindings
RFC1510 PS Sep 93 The Kerberos Network Authentication Service (V5)
RFC1507 E Sep 93 DASS - Distributed Authentication Security Service
RFC1511 Sep 93 Common Authentication Technology Overview
RFC1964 PS Jun 96 The Kerberos Version 5 GSS-API Mechanism
RFC2025 PS Oct 96 The Simple Public-Key GSS-API Mechanism (SPKM)
RFC2078 PS Jan 97 Generic Security Service Application Program Interface,
Version 2
RFC2228 PS Oct 97 FTP Security Extensions