| draft-ietf-dhc-options-uap-00.txt | draft-ietf-dhc-options-uap-01.txt |
|---|---|
| Dynamic Host Configuration Working Group Steve Drach | Network Working Group S. Drach |
| INTERNET-DRAFT Sun Microsystems, Inc. | INTERNET-DRAFT Sun Microsystems |
| August 1998 | Obsoletes: draft-ietf-dhc-options-uap-00.txt September 1998 |
| Expires February 1999 | Expires March 1999 |
| DHCP Option for User Authentication Protocol | DHCP Option for User Authentication Protocol |
| <draft-ietf-dhc-options-uap-00.txt> | <draft-ietf-dhc-options-uap-01.txt> |
| Status of this Memo | Status of this Memo |
| This document is an Internet-Draft. Internet-Drafts are working | This document is an Internet-Draft. Internet-Drafts are working |
| documents of the Internet Engineering Task Force (IETF), its areas, | documents of the Internet Engineering Task Force (IETF), its areas, |
| and its working groups. Note that other groups may also distribute | and its working groups. Note that other groups may also distribute |
| working documents as Internet-Drafts. | working documents as Internet-Drafts. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| To view the entire list of current Internet-Drafts, please check the | To view the entire list of current Internet-Drafts, please check the |
| "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow | "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow |
| Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern | Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern |
| Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific | Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific |
| Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). | Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). |
| Abstract | Abstract |
| This document defines a DHCP [1] option that contains a pointer to a | This document defines a DHCP [1] option that contains a list of |
| User Authentication Protocol server that provides user authentication | pointers to User Authentication Protocol servers that provide user |
| services for clients that conform to The Open Group Network Computer | authentication services for clients that conform to The Open Group |
| Technical Standard. | Network Computing Client Technical Standard [2]. |
| Introduction | Introduction |
| The Open Group Network Computer Technical Standard, a product of The | The Open Group Network Computing Client Technical Standard, a product |
| Open Group's Network Computer Working Group (NCWG), defines a network | of The Open Group's Network Computing Working Group (NCWG), defines a |
| computer user authentication facility named the User Authentication | network computing client user authentication facility named the User |
| Protocol (UAP). | Authentication Protocol (UAP). |
| UAP provides two levels of authentication, basic and secure. Basic | UAP provides two levels of authentication, basic and secure. Basic |
| authentication uses the Basic Authentication mechanism defined in the | authentication uses the Basic Authentication mechanism defined in the |
| HTTP 1.1 [2] specification. Secure authentication is simply basic | HTTP 1.1 [3] specification. Secure authentication is simply basic |
| authentication encapsulated in an SSLv3 [3] session. | authentication encapsulated in an SSLv3 [4] session. |
| In both cases, a UAP client needs to obtain the IP address and port | In both cases, a UAP client needs to obtain the IP address and port |
| of the UAP service. Additional path information may be required, | of the UAP service. Additional path information may be required, |
| depending on the implementation of the service. A URL [4] is an | depending on the implementation of the service. A URL [5] is an |
| excellent mechanism for encapsulation of this information since many | excellent mechanism for encapsulation of this information since many |
| UAP servers will be implemented as components within legacy HTTP/SSL | UAP servers will be implemented as components within legacy HTTP/SSL |
| servers. | servers. |
| Most UAP clients have no local state and are configured when booted | Most UAP clients have no local state and are configured when booted |
| through DHCP. No existing DHCP option [5] has a data field that | through DHCP. No existing DHCP option [6] has a data field that |
| contains a URL. Option 72 contains a list of IP addresses for WWW | contains a URL. Option 72 contains a list of IP addresses for WWW |
| servers, but it is not adequate since a port and/or path can not be | servers, but it is not adequate since a port and/or path can not be |
| specified. Hence there is a need for an option that contains a URL. | specified. Hence there is a need for an option that contains a list |
|  | of URLs. |
| User Authentication Protocol Option | User Authentication Protocol Option |
| This option specifies a URL pointing to a user authentication service | This option specifies a list of URLs, each pointing to a user |
| that will process authentication requests encapsulated in the User | authentication service that is capable of processing authentication |
| Authentication Protocol (UAP). UAP servers can accept either HTTP | requests encapsulated in the User Authentication Protocol (UAP). UAP |
| 1.1 or SSLv3 connections. If the URL does not contain a port | servers can accept either HTTP 1.1 or SSLv3 connections. If the list |
| component, the normal default port is assumed (i.e., port 80 for http | includes a URL that does not contain a port component, the normal |
| and port 443 for https). | default port is assumed (i.e., port 80 for http and port 443 for |
|  | https). If the list includes a URL that does not contain a path |
|  | component, the path /uap is assumed. |
| 0 1 2 3 | 0 1 2 3 |
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| \| Code \| Length \| URL | \| Code \| Length \| URL list |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| Code TBD | Code TBD |
| Length The length of the data field (i.e., URL) in bytes. | Length The length of the data field (i.e., URL list) in |
|  | bytes. |
| URL URL pointing to the UAP service. | URL list A list of one or more URLs separated by the ASCII |
|  | space character (0x20). |
| References | References |
| [1] Droms, R., "Dynamic Host Configuration Protocol", RFC-2131, | Droms, R., "Dynamic Host Configuration Protocol", RFC-2131, March |
| March 1997. | 1997. |
| [2] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., and T. | Technical Standard: Network Computing Client, The Open Group, |
| Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC- | Document Number C801, October 1998. |
| 2068, January 1997. |  |
| [3] Freier, A., Karlton, P., and P. Kocher, "The SSL Protocol, Ver- | Fielding, R., Gettys, J., Mogul, J., Frystyk, H., and T. Berners-Lee, |
| sion 3.0", Internet Draft, November 1996. | "Hypertext Transfer Protocol -- HTTP/1.1", RFC-2068, January 1997. |
| [4] Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform | Freier, A., Karlton, P., and P. Kocher, "The SSL Protocol, Version |
| Resource Locators (URL)", RFC-1738, December 1994. | 3.0", Internet Draft, November 1996. |
| [5] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor | Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform Resource |
|  | Locators (URL)", RFC-1738, December 1994. |
|  | Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor |
| Extensions", RFC-2132, March 1997. | Extensions", RFC-2132, March 1997. |
| Security Considerations | Security Considerations |
| DHCP currently provides no authentication or security mechanisms. | DHCP currently provides no authentication or security mechanisms. |
| Potential exposures to attack are discussed in section 7 of the DHCP | Potential exposures to attack are discussed in section 7 of the DHCP |
| protocol specification. | protocol specification. |
| Author's Address | Author's Address |
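An added example, not taken from either draft, showing how a client would build and parse the -01 form of the option (Code, one-byte Length, ASCII URL list separated by 0x20) and apply the stated defaults of port 80/443 and path /uap. The option code is TBD in the draft, so a labelled placeholder is used, the hostnames are constructed, and only http/https URLs are accepted because UAP servers speak HTTP 1.1 or SSLv3.

```python
from urllib.parse import urlsplit

# The draft leaves the option code "TBD"; this is a placeholder for the demo only.
UAP_OPTION_CODE_PLACEHOLDER = 0xFF  # hypothetical, NOT an IANA-assigned code

DEFAULT_PORTS = {"http": 80, "https": 443}  # defaults named in the draft
DEFAULT_PATH = "/uap"                        # default path named in the -01 draft


def encode_uap_option(urls):
    """Build the option as Code | Length | URL list, URLs joined by ASCII space."""
    data = " ".join(urls).encode("ascii")
    # DHCP options carry a one-byte Length (RFC 2132), so the list must fit in 255 bytes.
    if not urls or len(data) > 255:
        raise ValueError("URL list must be non-empty and fit a one-byte Length")
    return bytes([UAP_OPTION_CODE_PLACEHOLDER, len(data)]) + data


def decode_uap_option(raw):
    """Check Code and Length, then return each URL resolved to (scheme, host, port, path)."""
    if len(raw) < 2 or raw[0] != UAP_OPTION_CODE_PLACEHOLDER:
        raise ValueError("not a UAP option")
    if len(raw) != 2 + raw[1]:
        raise ValueError("Length field does not match the data present")
    data = raw[2:].decode("ascii")
    # Split on the single space character the draft specifies; ignore empty entries.
    return [resolve_uap_url(u) for u in data.split(" ") if u]


def resolve_uap_url(url):
    """Apply the draft's defaults and reject anything a UAP server could not serve."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported or malformed UAP URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    path = parts.path if parts.path else DEFAULT_PATH
    return (parts.scheme, parts.hostname, port, path)


if __name__ == "__main__":
    # Constructed sample: one secure server with defaults, one basic server with explicit port/path.
    sample = ["https://auth.example.com", "http://backup.example.com:8080/login"]
    raw = encode_uap_option(sample)
    print(raw)
    for entry in decode_uap_option(raw):
        print(entry)
```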