Application Bridging for Federated Access Beyond Web (ABFAB) Architecture (RFC7831)
Disclosure Number: IPCOM000246712D
Original Publication Date: 2016-May-01
Included in the Prior Art Database: 2016-Jun-29

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Howlett: AUTHOR [+3]


Numerous security mechanisms have been deployed on the Internet to manage access to various resources. These mechanisms have been generalized and scaled over the last decade through mechanisms such as the Simple Authentication and Security Layer (SASL) with the Generic Security Server Application Program Interface (GSS-API) (known as the GS2 family) [RFC5801]; the Security Assertion Markup Language (SAML) [OASIS.saml-core-2.0-os]; and the Authentication, Authorization, and Accounting (AAA) architecture as embodied in RADIUS [RFC2865] and Diameter [RFC6733].

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 2% of the total text.

Internet Engineering Task Force (IETF)                        J. Howlett
Request for Comments: 7831                                          Jisc
Category: Informational                                       S. Hartman
ISSN: 2070-1721                                        Painless Security
                                                           H. Tschofenig
                                                                ARM Ltd.
                                                               J. Schaad
                                                          August Cellars
                                                                May 2016

      Application Bridging for Federated Access Beyond Web (ABFAB)
                              Architecture


   Over the last decade, a substantial amount of work has occurred in
   the space of federated access management.  Most of this effort has
   focused on two use cases: network access and web-based access.
   However, the solutions to these use cases that have been proposed and
   deployed tend to have few building blocks in common.

   This memo describes an architecture that makes use of extensions to
   the commonly used security mechanisms for both federated and
   non-federated access management, including the Remote Authentication
   Dial-In User Service (RADIUS), the Generic Security Service
   Application Program Interface (GSS-API), the Extensible
   Authentication Protocol (EAP), and the Security Assertion Markup
   Language (SAML).  The architecture addresses the problem of federated
   access management to primarily non-web-based services, in a manner
   that will scale to large numbers of Identity Providers, Relying
   Parties, and federations.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at