> -----Original Message-----
> From: Moonshot community list [mailto:[log in to unmask]] On Behalf Of Scott Cantor
> Sent: Wednesday, March 10, 2010 4:00 PM
> To: [log in to unmask]
> Subject: Re: Bar Bof on Federated Authentication Thursday at 9 PM during IETF week
>
> > If I understand the draft and motivations behind it correctly,
> > I think a large part of the proposal (draft-howlett-eap-gss)
> > is to develop machine to machine federated identity (and
> > authentication).
> > Which is why Radius is involved (as it is a common directory
> > infra in many organizations) and SAML Request/Response used
> > to carry authz info.
>
> That may be part of the goal, but the main application-related point is to
> address non-web applications, and those applications have (quite limited in
> many cases) user interfaces for authentication. In point of fact, the basic
> question is whether the appropriate thing to do from a usability perspective
> is to NOT mess with that and punt all of it to web-based authentication to
> start with.
>
> So usability is essentially question #1.
>
> -- Scott

Thanks Scott.
Perhaps I'm confusing "user interface" (as in the end-user)
versus applications interface (as in programming API).
Usability to the developer vs usability to the user/Mom at home.
However, I don't get your last sentence (punt all of
it to web-based authentication). Does this mean we just
use whatever is used today for web-based authentication
(which is primarily username/password over HTML forms/SSL),
and then modify the authn/authz protocols underneath this
(i.e., introduce a new GSS-EAP API)?
/thomas/