Authmeth-16 resolves all outstanding comments from the ldapbis WG on previous revisions of the draft. Some fairly substantial changes were needed for server identity check (section 3.1.5) and authorization state (section 4) in particular. Please review and get me comments by the end of day Thursday to help me get the -17 draft published prior to the IETF 64 meeting
Summary of changes for draft-ldapbis-authmeth-16
General
- Resolved all known outstanding issues and comments for -15 draft.
- Numerous edits for clarity and consistency.
- Renamed simple authentication mechanism to name/password mechanism.
- Resolved some remaining issues with session/connection terminology
- Replaced DIGEST-MD5 SASL authentication mechanism with name/password authentication protected with TLS as the "strong" mandatory-to-implement for LDAP.
- Removed all normative references to SASL DIGEST-MD5 mechanism.
- Moved sections on authentication mechanisms of the simple bind method into Simple Authentication Method.
- Moved sections on SASL profile and SASL authentication mechanisms into section SASL Authentication Method section.
Section 3.1.5
- Rewrote server identity check algorithm.
Section 4
- Rewrote authorization state section.
Section 5.1.2.7
- Added text indicating the the authzID is an construct that can be extended by future publications.
Appendix B
- Began a new (and currently redundant) appendix to summarize substantive changes made to the protocol via this document. This appendix is currently unfinished.
Thanks,
Roger
>>> <Internet-Drafts@ietf.org> 10/14/05 1:50 pm >>> A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the LDAP (v3) Revision Working Group of the IETF.
Title: LDAP: Authentication Methods and Security Mechanisms Author(s): R. Harrison Filename: draft-ietf-ldapbis-authmeth-16.txt Pages: 46 Date: 2005-10-14
This document describes authentication methods and security mechanisms of the Lightweight Directory Access Protocol (LDAP).
This document details establishment of Transport Layer Security (TLS) using the StartTLS operation.
This document details the simple Bind authentication method including anonymous, unauthenticated, and name/password mechanisms and the Secure Authentication and Security Layer (SASL) Bind authentication method including the EXTERNAL mechanism.
This document discusses various authentication and authorization states through which a session to an LDAP server may pass and the actions that trigger these state changes.
A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-authmeth-16.txt
To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.
Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-ldapbis-authmeth-16.txt".
A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-ldapbis-authmeth-16.txt".
NOTE:The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
|