Common Authentication Technology Next Generation (kitten)
---------------------------------------------------------

 Charter
 Last Modified: 2011-03-31

 Current Status: Active Working Group

 Chair(s):
     Shawn Emery  <shawn.emery@oracle.com>
     Tom Yu  <tlyu@mit.edu>
     Alexey Melnikov  <alexey.melnikov@isode.com>

 Security Area Director(s):
     Stephen Farrell  <stephen.farrell@cs.tcd.ie>
     Sean Turner  <turners@ieca.com>

 Security Area Advisor:
     Stephen Farrell  <stephen.farrell@cs.tcd.ie>

 Mailing Lists: 
     General Discussion: kitten@ietf.org
     To Subscribe:      https://www.ietf.org/mailman/listinfo/kitten
     Archive:           http://www.ietf.org/mail-archive/web/kitten/current/maillist.html

Description of Working Group:

The Generic Security Services (GSS) API and Simple Authentication and
Security Layer (SASL) provide various applications with a security
framework for secure network communication.  The purpose of the Common
Authentication Technology Next Generation (Kitten) working group (WG) is
to develop extensions/improvements to the GSS-API, shepherd specific
GSS-API security mechanisms, and provide guidance for any new SASL-
related submissions.

This working group is chartered to specify the following extensions and
improvements (draft-yu-kitten-api-wishlist-00) to the GSS-API:

* Provide new interfaces for credential management, which include the
following:
   initializing credentials
   iterating credentials
   exporting/importing credentials

* Specify interface for asynchronous calls.

* Define interfaces for better error message reporting.

* Provide a more programmer friendly GSS-API for application developers.
This could include reducing the number of interface parameters, for
example, by eliminating parameters which are commonly used with the
default values.

This WG is also chartered to transition proposed SASL mechanisms as
GSS-API mechanisms:

* A SASL Mechanism for OpenID
   draft-lear-ietf-sasl-openid-00
* A SASL Mechanism for SAML
   draft-wierenga-ietf-sasl-saml-00

The transition from SASL to GSS-API mechanisms will allow a greater set
of applications to utilize said mechanisms with SASL implementations
that support the use of GSS-API mechanisms in SASL
(draft-ietf-sasl-gs2).

* Shepherd draft-ietf-sasl-digest-to-historic to publication.

This WG should review proposals for new SASL and GSS-API mechanisms, but
may take on work on such mechanisms only through a revision of this
charter.  The WG should also review non-mechanism proposals related to
SASL and the GSS-API. However, work that adds SASL or GSS-API support in
application protocols should be handled by the application's WG.

Deliverables:

* GSS-API: initializing credentials

* GSS-API: iterating credentials

* GSS-API: exporting/importing credentials

* GSS-API: specification for asynchronous calls

* GSS-API: interfaces/improvements for better error message reporting

* GSS-API: programmer friendly interfaces

* GSS-API: transition SASL mechanism for OpenID

* GSS-API: transition SASL mechanism for SAML

* GSS-API: publish draft-ietf-kitten-gssapi-extensions-iana

* GSS-API: publish draft-ietf-kitten-gssapi-naming-exts

* SASL: publish draft-melnikov-digest-to-historic

 Goals and Milestones:

   Done         Submit naming-exts to the IESG as Proposed Standard 

   Aug 2010       WGLC on gssapi-extensions-iana 

   Aug 2010       Submit gssapi-extensions-iana to the IESG as Proposed Standard 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Feb 2005 Apr 2009   <draft-ietf-kitten-gssapi-extensions-iana-06.txt>
                Namespace Considerations and Registries for GSS-API Extensions 

May 2005 May 2011   <draft-ietf-kitten-gssapi-naming-exts-11.txt>
                GSS-API Naming Extensions 

Jun 2010 Apr 2011   <draft-ietf-kitten-digest-to-historic-04.txt>
                Moving DIGEST-MD5 to Historic 

Aug 2010 Jun 2011   <draft-ietf-kitten-sasl-openid-03.txt>
                A SASL & GSS-API Mechanism for OpenID 

Sep 2010 Jun 2011   <draft-ietf-kitten-sasl-saml-03.txt>
                A SASL and GSS-API Mechanism for SAML 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC4178 Standard  Oct 2005    The Simple and Protected Generic Security 
                       Service Application Program Interface (GSS-API) 
                       Negotiation Mechanism 

RFC4401 Standard  Feb 2006    A Pseudo-Random Function (PRF) API Extension for the 
                       Generic Security Service Application Program Interface 
                       (GSS-API) 

RFC4402 Standard  Feb 2006    A Pseudo-Random Function (PRF) for the Kerberos V 
                       Generic Security Service Application Program Interface 
                       (GSS-API) Mechanism 

RFC4768 I    Dec 2006    Desired Enhancements to Generic Security Services 
                       Application Program Interface (GSS-API) Version 3 Naming 

RFC5178 PS   May 2008    Generic Security Service Application Program Interface 
                       (GSS-API) Internationalization and Domain-Based Service 
                       Names and Name Type 

RFC5179 PS   May 2008    Generic Security Service Application Program Interface 
                       (GSS-API) Domain-Based Service Names Mapping for the 
                       Kerberos V GSS Mechanism 

RFC5554 PS   May 2009    Clarifications and Extensions to the Generic Security 
                       Service Application Program Interface (GSS-API) for the 
                       Use of Channel Bindings 

RFC5588 PS   Jul 2009    Generic Security Service Application Program Interface 
                       (GSS-API) Extension for Storing Delegated Credentials 

RFC5587 PS   Jul 2009    Extended Generic Security Service Mechanism Inquiry APIs 

RFC5653 PS   Aug 2009    Generic Security Service API Version 2: Java Bindings 
                       Update