Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Transport Layer Security (TLS) Authorization Extensions (RFC5878)

IP.com Disclosure Number: IPCOM000195586D
Original Publication Date: 2010-May-01
Included in the Prior Art Database: 2010-May-06
Document File: 38 page(s) / 45K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Brown: AUTHOR [+2]

Abstract

The Transport Layer Security (TLS) protocol ([TLS1.0], [TLS1.1], [TLS1.2]) is being used in an increasing variety of operational environments, including ones that were not envisioned at the time of the original design for TLS. The extensions introduced in this document are designed to enable TLS to operate in environments where authorization information needs to be exchanged between the client and the server before any protected data is exchanged. The use of these TLS authorization extensions is especially attractive when more than one application protocol can make use of the same authorization information.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 6% of the total text.

Internet Engineering Task Force (IETF)                          M. Brown Request for Comments: 5878                             RedPhone Security Updates: 5246                                                 R. Housley Category: Experimental                                    Vigil Security ISSN: 2070-1721                                                 May 2010

         Transport Layer Security (TLS) Authorization Extensions

Abstract

   This document specifies authorization extensions to the Transport    Layer Security (TLS) Handshake Protocol.  Extensions are carried in    the client and server hello messages to confirm that both parties    support the desired authorization data types.  Then, if supported by    both the client and the server, authorization information, such as    attribute certificates (ACs) or Security Assertion Markup Language    (SAML) assertions, is exchanged in the supplemental data handshake    message.

Status of This Memo

   This document is not an Internet Standards Track specification; it is    published for examination, experimental implementation, and    evaluation.

   This document defines an Experimental Protocol for the Internet    community.  This document is a product of the Internet Engineering    Task Force (IETF).  It represents the consensus of the IETF    community.  It has received public review and has been approved for    publication by the Internet Engineering Steering Group (IESG).  Not    all documents approved by the IESG are a candidate for any level of    Internet Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,    and how to provide feedback on it may be obtained at    http://www.rfc-editor.org/info/rfc5878.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the    document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal    Provisions Relating to IETF Documents    (http://trustee.ietf.org/license-info) in effect on the date of    publication of this document.  Please review these documents    carefully, as they describe your rights and restrictions with respect

Brown & Housley               Experimental                      [Page 1]
 RFC 5878              TLS Authorization Extensions              May 2010

    to this document.  Code Components extracted from this document must    include Simplified BSD License text as described in Section 4.e of    the Trust Legal Provisions and are provided without warranty as    described in the Simplified BSD License.

1.  Introduction

   The Transport Layer Security (TLS) pro...