Authorization and Access Control (aac)
--------------------------------------

 Charter
 Last Modified: 1995-03-07

 Current Status: Concluded Working Group

 Chair(s):
     Clifford Neuman  <bcn@isi.edu>

 Security Area Director(s):
     Jeffrey Schiller  <jis@mit.edu>
     Steve Bellovin  <smb@research.att.com>

 Security Area Advisor:
     Jeffrey Schiller  <jis@mit.edu>

 Mailing Lists: 
     General Discussion: ietf-aac@isi.edu
     To Subscribe:       ietf-aac-request@isi.edu
     Archive:            prospero.isi.edu:~/pub/aac/*

Description of Working Group:

     The goal of the Authorization and Access Control Working Group 
     is to develop guidelines and an Application Programming Interface
     (API) through which network accessible applications can uniformly
     specify access control information.  This API will allow applications
     to make access control decisions when clients are not local users,
     might not be members of a common organization, and are often not
     known to the service or application in advance.

     Several authentication mechanisms are in place on the Internet, but
     most applications are written with local applications in mind and no
     guidelines exist for supporting authorization and access control based
     on the output of such authentication mechanisms.  The CAT Working
     Group developed the GSS-API, a common API to support authentication.
     The AAC Working Group will develop a common API that accepts the
     identity of a client (perhaps the output of the GSS-API), a reference
     to an object to be accessed, and optionally an indication of the
     operation to be performed.  The API will return a list of authorized
     operations or a yes/no answer that can be easily used by the
     application.

     A second, longer term purpose of the working group will be to
     examine evolving mechanisms and architectures for authorization in
     distributed systems and to establish criteria which enable
     interworking of confidence and trust across systems.  The working
     group will develop additional goals and milestones related to
     this purpose and will submit a revised charter once the appropriate
     goals and milestones are determined.  To the extent possible this
     additional work will encourage evolution toward credential formats
     that more readily allow support for or translation across multiple
     mechanisms.  

 Goals and Milestones:

   Done         Submit charter and milestones for approval. 

   Done         Meet at the Columbus IETF to identify common 
                characteristics of evolving distributed authorization 
                mechanisms and begin discussion of approaches for 
                interoperability across mechanisms. 

   JUN 93       Post draft API as an Internet-Draft. 

   JUN 93       Post an Internet-Draft of the guidelines for authorization 
                and access control for network accessible applications. 

   AUG 93       Submit the AAC guidelines document for approval as an 
                Informational RFC. 

   JAN 94       Submit the AAC API for consideration as an Experimental 
                RFC. 


 Internet-Drafts:

  No Current Internet-Drafts.

 Request For Comments:

  None to date.