Common Authentication Technology (cat)
--------------------------------------
 
 Charter 
 
 Current status: active working group
 
 Chair(s):
     John Linn <john.linn@ov.com>
 
 Security Area Director(s): 
     Jeffrey Schiller  <jis@mit.edu>
 
 Mailing lists: 
     General Discussion:cat-ietf@mit.edu
     To Subscribe:      cat-ietf-request@mit.edu
     Archive:           bitsy.mit.edu:~/cat-ietf/archive
 
Description of Working Group:
 
The goal of the Common Authentication Technology Working Group is to
provide strong authentication to a variety of protocol callers in a
manner which insulates those callers from the specifics of underlying
security mechanisms.  By separating security implementation tasks from
the tasks of integrating security data elements into caller protocols,
those tasks can be partitioned and performed separately by
implementors with different areas of expertise.  This provides
leverage for the IETF community's security-oriented resources, and
allows protocol implementors to focus on the functions their protocols
are designed to provide rather than on characteristics of security
mechanisms.  CAT seeks to encourage uniformity and modularity in
security approaches, supporting the use of common techniques and
accommodating evolution of underlying technologies.

In support of these goals, the working group will pursue several
interrelated tasks.  We will work towards agreement on a common
service interface allowing callers to invoke security services, and
towards agreement on a common authentication token format,
incorporating means to identify the mechanism type in conjunction with
which authentication data elements should be interpreted.  The CAT
Working Group will also work towards agreements on suitable underlying
mechanisms to implement security functions; two candidate
architectures (Kerberos V5, based on secret-key technology and
contributed by MIT, and X.509-based public-key Distributed
Authentication Services being prepared for contribution by DEC) are
under current consideration.  The CAT Working Group will consult with
other IETF working groups responsible for candidate caller protocols,
pursuing and supporting design refinements as appropriate.

 
 Goals and Milestones: 
 
     Done Progress Internet-Draft and RFC publication of mechanism-level       
          documents to support independent, interoperable implementations      
          of CAT-supporting mechanisms.                                        

     Done Preliminary BOF session at IETF meeting, discussions with TELNET     
          and Network Printing Working Groups.                                 

     Done Distribute Generic Security Service Application Program              
          Interface (GSS-API) documentation through Internet-Draft process.    

     Done First IETF meeting as full working group: review charter distribute 
          documents, and status of related implementation, integration, and 
          consulting liaison activities. Schedule follow-on tasks, including 
          documentation plan for specific CAT-supporting security mechanisms.  

     Done Update mechanism-independent Internet-Drafts in response to issues 
          raised, distribute additional mechanism-specific documentation 
          including Distributed Authentication Services architectural 
          description and terms/conditions for use of the technology documented
          therein.                                                             

     Done Second IETF meeting:  Review distributed documents and status of 
          related activities, continue consulting liaisons.   Discuss features 
          and characteristics of underlying mechanisms. Define scope and 
          schedule for follow-on work.                                         

     Done Submit service interface specification to to the IESG for 
          consideration as a Proposed Standard.                                


 Internet-Drafts:

Posted Revised       I-D Title  <Filename>
------ ------- ------------------------------------------
 Mar 94 Feb 95  <draft-ietf-cat-kerb5gss-02.txt> 
                The Kerberos Version 5 GSS-API Mechanism                       
 
 Jul 94 Oct 94  <draft-ietf-cat-spkmgss-01.txt> 
                The Simple Public-Key GSS-API Mechanism (SPKM)                 
 
 Nov 94 New     <draft-ietf-cat-gssv2-00.txt> 
                Generic Security Service Application Program Interface, Version
                2                                                              
 
 Nov 94 New     <draft-ietf-cat-iop-gss-00.txt> 
                Independent Object Protection Generic Security Service 
                Application Program Interface  (IOP-GSS-API)                   
 
 Nov 94 New     <draft-ietf-cat-kerberos-passwords-00.txt> 
                Integrating One-time Passwords with Kerberos                   

 Request For Comments:

  RFC  Stat Published    Title 
------- -- ---------- -----------------------------------------
RFC1508 PS   Sep 93     Generic Security Service Application Program Interface 
 
RFC1507 E    Sep 93     DASS - Distributed Authentication Security Service     
 
RFC1510 PS   Sep 93     The Kerberos Network Authentication Service (V5)       
 
RFC1511 I    Sep 93     Common Authentication Technology Overview              
 
RFC1509 PS   Sep 93     Generic Security Service API : C-bindings