
[KEYPROV] MIME & Protocol Versioning. was: Linking DSKPP to a Browser



An issue I forgot to mention is that protocols evolve, making
a MIME-extension insufficient as a sole indicator of content.

OASIS/Liberty realized this and provided the following solution:

GET /index HTTP/1.1
Host: identity-service.example.com
Accept: text/html; application/vnd.paos+xml
PAOS: ver='urn:liberty:paos:2003-08' ; 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'

This is IMO a rather specific way of doing things.
Bringing out the entire URI-stock you have in every HTTP request seems like a bad idea.

BTW, few if any support the OASIS extension.

Basically we need another way of doing browser invocation that
scales better and that has a chance of getting universal support.

I took a stab at such a solution in the document I sent a link to.
I intend to make an open source implementation of this if I find
the time to do it.  If anybody is interested in creating a universal
solution for security (and other) protocol invocations in browsers,
don't hesitate to contact me.

Anders

----- Original Message ----- 
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig at nsn.com>
To: "ext Anders Rundgren" <anders.rundgren at telia.com>; "KEYPROV" <keyprov at ietf.org>
Sent: Thursday, August 07, 2008 08:29
Subject: RE: [KEYPROV] Linking DSKPP to a Browser


Interesting that you mention this since I thought the trigger message in
DSKPP was indeed meant to be used in a browser based application since
you cannot just send a message to a host given firewalls, NATs, and the
basic question of where to address the message in the first place.

So, what would prevent me from returning a MIME body of the type
"application/vnd.ietf.keyprov.dskpp+xml" in an HTTP interaction and then
allowing the browser to initiate the full DSKPP exchange? 

Ciao
Hannes
 

>-----Original Message-----
>From: keyprov-bounces at ietf.org 
>[mailto:keyprov-bounces at ietf.org] On Behalf Of ext Anders Rundgren
>Sent: 06 August, 2008 20:01
>To: KEYPROV
>Subject: [KEYPROV] Linking DSKPP to a Browser
>
>Although browser-based operation was never a KEYPROV 
>requirement, it is quite possible that successful adoption 
>will introduce such demands.
>I have played a little bit with the alternatives and I wonder 
>if you have any comments on this document:
>
>http://webpki.org/papers/web/XMLBrowserExtensionScheme.pdf
>
>Regards
>Anders Rundgren
>
>_______________________________________________
>KEYPROV mailing list
>KEYPROV at ietf.org
>https://www.ietf.org/mailman/listinfo/keyprov
>