draft-ietf-kitten-sasl-openid-05.txt   draft-ietf-kitten-sasl-openid-06.txt 
Network Working Group E. Lear Network Working Group E. Lear
Internet-Draft Cisco Systems GmbH Internet-Draft Cisco Systems GmbH
Intended status: Standards Track H. Tschofenig Intended status: Standards Track H. Tschofenig
Expires: March 26, 2012 Nokia Siemens Networks Expires: March 30, 2012 Nokia Siemens Networks
H. Mauldin H. Mauldin
Cisco Systems, Inc. Cisco Systems, Inc.
S. Josefsson S. Josefsson
SJD AB SJD AB
September 23, 2011 September 27, 2011
A SASL & GSS-API Mechanism for OpenID A SASL & GSS-API Mechanism for OpenID
draft-ietf-kitten-sasl-openid-05 draft-ietf-kitten-sasl-openid-06
Abstract Abstract
OpenID has found its usage on the Internet for Web Single Sign-On. OpenID has found its usage on the Internet for Web Single Sign-On.
Simple Authentication and Security Layer (SASL) and the Generic Simple Authentication and Security Layer (SASL) and the Generic
Security Service Application Program Interface (GSS-API) are Security Service Application Program Interface (GSS-API) are
application frameworks to generalize authentication. This memo application frameworks to generalize authentication. This memo
specifies a SASL and GSS-API mechanism for OpenID that allows the specifies a SASL and GSS-API mechanism for OpenID that allows the
integration of existing OpenID Identity Providers with applications integration of existing OpenID Identity Providers with applications
using SASL and GSS-API. using SASL and GSS-API.
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 26, 2012. This Internet-Draft will expire on March 30, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 14, line 17 skipping to change at page 14, line 17
[OpenID] section 7.2. [OpenID] section 7.2.
The query, display, and exported name syntaxes for OpenID principal The query, display, and exported name syntaxes for OpenID principal
names are all the same. There are no OpenID-specific name syntaxes names are all the same. There are no OpenID-specific name syntaxes
-- applications should use generic GSS-API name types such as -- applications should use generic GSS-API name types such as
GSS_C_NT_USER_NAME and GSS_C_NT_HOSTBASED_SERVICE (see [RFC2743], GSS_C_NT_USER_NAME and GSS_C_NT_HOSTBASED_SERVICE (see [RFC2743],
Section 4). The exported name token does, of course, conform to Section 4). The exported name token does, of course, conform to
[RFC2743], Section 3.2, but the "NAME" part of the token should be [RFC2743], Section 3.2, but the "NAME" part of the token should be
treated as a potential input string to the OpenID name normalization treated as a potential input string to the OpenID name normalization
rules. For example, the OpenID identifier "https://openid.example/" rules. For example, the OpenID identifier "https://openid.example/"
will have a GSS_C_NT_USER_NAME value of "http://openid.example/". will have a GSS_C_NT_USER_NAME value of "https://openid.example/".
GSS-API name attributes may be defined in the future to hold the GSS-API name attributes may be defined in the future to hold the
normalized OpenID Identifier. normalized OpenID Identifier.
5. Example 5. Example
Suppose one has an OpenID of https://openid.example, and wishes to Suppose one has an OpenID of https://openid.example, and wishes to
authenticate his IMAP connection to mail.example (where .example is authenticate his IMAP connection to mail.example (where .example is
the top level domain specified in [RFC2606]). The user would input the top level domain specified in [RFC2606]). The user would input
his Openid into his mail user agent, when he configures the account. his Openid into his mail user agent, when he configures the account.
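Review bot: In the Section 4 example sentence, the corrected right-hand text now gives the same string, "https://openid.example/", for both the OpenID identifier and its GSS_C_NT_USER_NAME value, so the "For example" no longer shows what the preceding sentence about the OpenID name normalization rules does to an input. Either state outright that the name is carried unchanged, or use an input that differs from its normalized form. Section 5 in the same hunk writes the identifier as "https://openid.example" with no trailing slash; make it match Section 4 or say that the two forms are equivalent after normalization, because a literal string comparison would treat them as different names. "Openid" in the last line should read "OpenID".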
 End of changes. 5 change blocks. 
5 lines changed or deleted 5 lines changed or added
