Common Authentication Technology (cat)
--------------------------------------

 Charter
 Last Modified: 07/31/2001

 Current Status: Active Working Group

 Chair(s):
     John Linn  <jlinn@rsasecurity.com>

 Security Area Director(s):
     Jeffrey Schiller  <jis@mit.edu>
     Steve Bellovin  <smb@research.att.com>

 Security Area Advisor:
     Jeffrey Schiller  <jis@mit.edu>

 Mailing Lists: 
     General Discussion: ietf-cat-wg@lists.stanford.edu
     To Subscribe:       ietf-cat-wg-request@lists.stanford.edu
     Archive:            ftp://ftp.ietf.org/ietf-mail-archive/cat/

Description of Working Group:

The goal of the Common Authentication Technology (CAT) Working Group is 
to provide distributed security services (which have included 
authentication, integrity, and confidentiality, and may broaden to 
include authorization) to a variety of protocol callers in a manner 
which insulates those callers from the specifics of underlying security 
mechanisms.

By separating security implementation tasks from the tasks of 
integrating security data elements into caller protocols, those tasks 
can be partitioned and performed separately by implementors with 
different areas of expertise. This provides leverage for the IETF 
community's security-oriented resources, and allows protocol 
implementors to focus on the functions their protocols are designed to 
provide rather than on characteristics of security mechanisms. CAT seeks 
to encourage uniformity and modularity in security approaches, 
supporting the use of common techniques and accommodating evolution of 
underlying technologies.

In support of these goals, the working group pursues several 
interrelated tasks. We have defined a common service interface (GSS-API) 
allowing callers to invoke security services in association-oriented 
environments, with an associated token format identifying the security 
mechanism being employed. Existing documents provide C language bindings 
for GSS-API; currently ongoing work is defining bindings for Java.  
Authorization interfaces are currently being evaluated as a related area 
for follow-on work, with the level of achievable portability an 
important consideration. The CAT Working Group also defines supporting 
mechanisms to provide security services; current activity includes 
specification of "low-infrastructure" mechanisms to support ease of 
deployment and use.

 Goals and Milestones:

   Done         Preliminary BOF session at IETF meeting, discussions with 
                TELNET and Network Printing Working Groups. 

   Done         Distribute Generic Security Service Application Program 
                Interface (GSS-API) documentation through Internet-Draft 
                process. 

   Done         First IETF meeting as full working group: review charter, 
                distribute documents, and status of related implementation, 
                integration, and consulting liaison activities. Schedule 
                follow-on tasks, including documentation plan for specific 
                CAT-supporting security mechanisms. 

   Done         Update mechanism-independent Internet-Drafts in response to 
                issues raised, distribute additional mechanism-specific 
                documentation including Distributed Authentication Services 
                architectural description and terms/conditions for use of 
                the technology documented therein. 

   Done         Second IETF meeting: Review distributed documents and 
                status of related activities, continue consulting liaisons. 
                Discuss features and characteristics of underlying 
                mechanisms. Define scope and schedule for follow-on work. 

   Done         Submit service interface specification to the IESG for 
                consideration as a Proposed Standard. 

   Done         Submit GSS-V2 to IESG for consideration as a Proposed 
                Standard. 

   Done         Plan next phase of activities, with particular attention to 
                scope and tasking for authorization, store and forward 
                protection support, and additional mechanisms. 

   Done         Issue Internet-Draft representing updated version of 
                RFC-2078, aligned with GSS-V2 C bindings Internet-Draft. 

   Done         Submit Negotiated Mechanism document to IESG for 
                consideration as a Proposed Standard. 

   Done         Submit GSS-V2 C bindings document to IESG for consideration 
                as a Proposed Standard. 

   Done         Progress Internet-Draft and RFC publication of 
                mechanism-level documents to support independent, 
                interoperable implementations of CAT-supporting mechanisms. 

   Done         Determine direction and intent re progressing authorization 
                interfaces. 

   Done         Determine direction and intent re progressing 
                low-infrastructure mechanism definitions. 

   Done         Submit GSS-V2 Java bindings specification to IESG for 
                consideration as Proposed Standard. 

   Done         Submit GSS-V2 Java service provider interface document to 
                IESG for consideration as Proposed Standard. 

   Done         Review status of ongoing active projects. 


 Internet-Drafts:

  No Current Internet-Drafts.

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC1507 E    SEP 93    DASS - Distributed Authentication Security Service 

RFC1508 PS   SEP 93    Generic Security Service Application Program 
                       Interface 

RFC1509 PS   SEP 93    Generic Security Service API : C-bindings 

RFC1511 I    SEP 93    Common Authentication Technology Overview 

RFC1510 PS   SEP 93    The Kerberos Network Authentication Service (V5) 

RFC1964 PS   JUN 96    The Kerberos Version 5 GSS-API Mechanism 

RFC2025 PS   OCT 96    The Simple Public-Key GSS-API Mechanism (SPKM) 

RFC2078 PS   JAN 97    Generic Security Service Application Program 
                       Interface, Version 2 

RFC2228 PS   OCT 97    FTP Security Extensions 

RFC2478 PS   DEC 98    The Simple and Protected GSS-API Negotiation 
                       Mechanism 

RFC2479 I    DEC 98    Independent Data Unit Protection Generic Security 
                       Service Application Program Interface (IDUP-GSS-API) 

RFC2743 PS   JAN 00    Generic Security Service Application Program 
                       Interface Version 2, Update 1 

RFC2744 PS   JAN 00    Generic Security Service API Version 2 : C-bindings 

RFC2773 E    FEB 00    Encryption using KEA and SKIPJACK 

RFC2847 PS   JUN 00    LIPKEY - A Low Infrastructure Public Key Mechanism 
                       Using SPKM 

RFC2853 PS   JUN 00    Generic Security Service API Version 2 : Java 
                       bindings