At the next IETF meeting in Maastricht (end of July 2010) we are going to have a BOF about “Federated Authentication Beyond The Web”. In case you have not noticed, the work relates to RADIUS and Diameter.

I wrote this very short problem statement document to explain the purpose of the BOF:

The abstract of the document says:

It is quite common that application developers and system architects are in need of authentication and authorization support in a distributed environment. At least three parties need to cooperate, namely the end host, the identity provider, and the relying party. At the end of the exchange the identity provider asserts identity information or certain attributes to the relying party without exposing the user’s long-term secret to the relying party.

While the problem sounds challenging and interesting, it is not new. In fact, various IETF groups have produced specifications to solve this problem, such as Kerberos, RADIUS, and Diameter. Outside the IETF various Single-Sign-On solutions for HTTP-based applications have been developed as well.

The reader might therefore wonder why there is a need for new work given the existence of readily available solutions. This document tries to answer this question in a compact fashion.

