[kitten] I-D: Realm Crossover for SASL and GSS-API via Diameter

Rick van Rein (OpenFortress)
Hello,

The following I-D proposes a method to relay SASL authentication to a
backend over Diameter.  This is achieved by wrapping it in an outer SASL
mechanism GS2-SXOVER-PLUS for end-to-end encryption.

The intention is to allow identities under a home realm to be used with
foreign servers.  Diameter can do this securely while still scaling up.

Your input on this is quite welcome; I intend to forward it to Diameter
expertise before actually claiming the GS2-SXOVER-PLUS name.


Best wishes,

Rick van Rein
for InternetWide.org


-----

Name: draft-vanrein-diameter-sasl
Revision: 03
Title: Realm Crossover for SASL and GSS-API via Diameter
Document date: 2020-01-21
Group: Individual Submission
Pages: 17
URL: https://www.ietf.org/internet-drafts/draft-vanrein-diameter-sasl-03.txt
Status: https://datatracker.ietf.org/doc/draft-vanrein-diameter-sasl/
Htmlized: https://tools.ietf.org/html/draft-vanrein-diameter-sasl-03
Htmlized: https://datatracker.ietf.org/doc/html/draft-vanrein-diameter-sasl
Diff: https://www.ietf.org/rfcdiff?url2=draft-vanrein-diameter-sasl-03

Abstract:
   SASL and GSS-API are used for authentication in many application
   protocols.  This specification extends them to allow credentials of a
   home realm to be used against external services.  To this end, it
   introduces end-to-end encryption for SASL that is safe to relay to
   the client's home realm.

_______________________________________________
Kitten mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/kitten