Securely Available Credentials BOF (sacred)

Tuesday, August 1 at 1700-1800
==============================

CHAIRS: Stephen Farrell <stephen.farrell@baltimore.ie>
        Magnus Nystrom  <magnus@rsasecurity.com>

DESCRIPTION:

A nice feature of smart-card based PKIs, in addition to the security
offered by the cards themselves, is the "free-seating solution," or
the portability of users' credentials. In order to provide a similar
solution or service to environments where security is based on pure
software implementations or so-called "soft tokens" (a.k.a. "virtual
smart cards," software files containing information normally stored
on smart cards), some kind of credential store from which users can
download their soft tokens, using some specified protocol, is required.
This protocol will provide mobility for credentials.
 
Such a protocol and specified data format might also allow an
individual user to have the same set of credentials on, e.g., her
mobile phone as on her desktop. Adding an upload protocol to the
solution means that it would in principle be possible to always keep
the credential store up-to-date.

Even in some cases where real smart cards are used, there may be some 
benefit to using such a protocol - e.g. when a new card is received, 
but "old" credentials should be used. If the cards offered the 
appropriate install and delete interfaces, then the credentials could 
be (securely) moved between cards.

Many desktop applications also require mobility of credentials, for
example to support some "kiosk" style operation, when a user upgrades
a PC, or when "hot-desking". It is sometimes required to integrate
such credential mobility with single-sign-on solutions. A protocol
that could be used in the smart card case can also be used to solve
this case.

Finally, some applications may benefit from the ability to migrate
credentials from a device to a smart card, in particular where the
smart-card-using device has limited user interface capabilities,
e.g. a mobile phone.

Security is at a premium for this working group: only authorized
entities should be allowed to download credentials; credentials must
be protected against eavesdropping and cut & paste attacks; attackers
must not be able to successfully replace an entity's credentials at a
credential server; etc.

Availability is also at a premium: a credential server must be
reachable from many different types of client with different
characteristics in terms of processing power, storage and network
connectivity.

The purpose of this working group is therefore to gather requirements
for a solution beneficial to the Internet community, establish a 
framework for such a solution, and to develop or adopt the required 
protocols and credential formats.

AGENDA:

- agenda bashing
- scene setting (some problems that might be solved)
- HTTP/SASL strawman
- <other proposals>
- WG charter discussion