Common Authentication Technology (cat)
--------------------------------------

 Charter

 Current status: active working group

 Chair(s):
     John Linn

 Security Area Director(s):
     Jeffrey Schiller

 Mailing lists:
     General Discussion: cat-ietf@mit.edu
     To Subscribe:       cat-ietf-request@mit.edu
     Archive:            ftp://bitsy.mit.edu/cat-ietf/archive/

Description of Working Group:

 The goal of the Common Authentication Technology (CAT) Working Group
 is to provide distributed security services (including authentication,
 integrity, and confidentiality) to a variety of protocol callers in a
 manner which insulates those callers from the specifics of underlying
 security mechanisms.

 By separating security implementation tasks from the tasks of
 integrating security data elements into caller protocols, those tasks
 can be partitioned and performed separately by implementors with
 different areas of expertise. This provides leverage for the IETF
 community's security-oriented resources, and allows protocol
 implementors to focus on the functions their protocols are designed to
 provide rather than on characteristics of security mechanisms. CAT
 seeks to encourage uniformity and modularity in security approaches,
 supporting the use of common techniques and accommodating evolution of
 underlying technologies.

 In support of these goals, the working group pursues several
 interrelated tasks. We have defined a common service interface
 allowing callers to invoke security services in association-oriented
 environments, with an associated token format identifying the security
 mechanism being employed. A revision to this document set is currently
 being finalized in response to implementation experience.

 The CAT Working Group also defines underlying mechanisms to provide
 security services, and supports integration of security services into
 caller protocols.
 Related work areas include interface and mechanism extensions under
 consideration for message protection in store-and-forward environments
 and for authorization support.

Goals and Milestones:

 Done    Progress Internet-Draft and RFC publication of mechanism-level
         documents to support independent, interoperable
         implementations of CAT-supporting mechanisms.

 Done    Preliminary BOF session at IETF meeting, discussions with
         TELNET and Network Printing Working Groups.

 Done    Distribute Generic Security Service Application Program
         Interface (GSS-API) documentation through Internet-Draft
         process.

 Done    First IETF meeting as full working group: review charter,
         distribute documents, and status of related implementation,
         integration, and consulting liaison activities. Schedule
         follow-on tasks, including documentation plan for specific
         CAT-supporting security mechanisms.

 Done    Update mechanism-independent Internet-Drafts in response to
         issues raised, distribute additional mechanism-specific
         documentation including Distributed Authentication Services
         architectural description and terms/conditions for use of the
         technology documented therein.

 Done    Second IETF meeting: Review distributed documents and status
         of related activities, continue consulting liaisons. Discuss
         features and characteristics of underlying mechanisms. Define
         scope and schedule for follow-on work.

 Done    Submit service interface specification to the IESG for
         consideration as a Proposed Standard.

 Apr 96  Submit GSS-V2 to IESG for consideration as a Proposed
         Standard.

 Jun 96  Submit revised version of RFC1510 (Kerberos) to IESG for
         consideration as a Draft Standard.

 Jun 96  Plan next phase of activities, with particular attention to
         scope and tasking for authorization, store and forward
         protection support, and additional mechanisms.

Internet-Drafts:

 Posted  Revised  I-D Title
 ------  -------  ------------------------------------------
 Jul 94  Jan 96   The Simple Public-Key GSS-API Mechanism (SPKM)
 Nov 94  May 96   Generic Security Service Application Program
                  Interface, Version 2
 Nov 94  Jun 96   Independent Data Unit Protection Generic Security
                  Service Application Program Interface (IDUP-GSS-API)
 Mar 95  Jun 96   Public Key Cryptography for Initial Authentication
                  in Kerberos
 Mar 95  Aug 96   Generic Security Service API Version 2 : C-bindings
 Mar 95  Feb 96   Independent Data Unit Protection Generic Security
                  Service Application Program Interface: C-bindings
 Jul 95  Feb 96   Simple GSS-API Negotiation Mechanism
 Jul 95  Feb 96   PEM-Based IDUP Mechanism (PIM)
 Jul 95  New      The FIPS PUB JJJ Entity Authentication GSS-API
                  Mechanism
 Nov 95  Jul 96   Extended Generic Security Service APIs: XGSS-APIs
                  Access control and delegation extensions
 Jun 96  New      PKCS #7-Based IDUP Mechanism (p7im)

Request For Comments:

 RFC      Stat  Published  Title
 -------  ----  ---------  -----------------------------------------
 RFC1508  PS    Sep 93     Generic Security Service Application
                           Program Interface
 RFC1507  E     Sep 93     DASS - Distributed Authentication Security
                           Service
 RFC1510  PS    Sep 93     The Kerberos Network Authentication Service
                           (V5)
 RFC1511  I     Sep 93     Common Authentication Technology Overview
 RFC1509  PS    Sep 93     Generic Security Service API : C-bindings
 RFC1964  PS    Jun 96     The Kerberos Version 5 GSS-API Mechanism