2.1.1 Applications Open Area Meeting (apparea)

Current Meeting Report

APPAREA Open Meeting
Minutes

The Applications Area Open Meeting of the 58th IETF was held the morning of 
November 10th, 2003, in Salon F, with about 95 persons present. 
Marshall Rose volunteered to be Jabber Scribe, and John Leslie 
volunteered to take minutes. Ted Hardie called the meeting to order at 
9:01.


Ted announced that Ned Freed is much recovered from surgeries, but still not 
able to travel. He can be reached by email.


Under Agenda-bashing, Ted explained the conflict with HIPBOF, 
scheduled for this same time period. Ted suggested we schedule a second 
meeting Wednesday afternoon if it turns out we need interaction between the 
HIPBOF people and the rest of us.


Chris Newman presented an extension to the IMAP protocol (URLAUTH) for 
"Pawn Ticket" authorization without authentication.



http://www.ietf.org/internet-drafts/draft-crispin-imap-urlauth-04.txt


In the interests of scalability, it is assumed that the submit function may 
be on a separate machine, which will access the message store to access 
authorized pieces for forwarding. This will prove helpful for 
bandwidth-limited clients such as cell phones.


In the question period, Bob Morgan commented on the interest in 
attribute-based authentication. Hilarie Orman asked whether possible 
backlash from misunderstandings about the limited security was 
considered. For example, responses at an Internet Cafe may be cached. 
Chris responded that pawn tickets can be time-limited. Lisa Dusseault 
mentioned experience with WebDAV. Dave Crocker opined that this 
provides better security through fine-grained access control. Bob Morgan 
talked about problems with everyone sticking stuff at the end of URLs. It 
would be good to standardize this, but beware of reusing the existing auth 
slot.


Ted Hardie asked if we should start a mailing-list to discuss this. There 
was interest in that.


Stephen Legg presented work on XML Enabled Directories:



http://www.ietf.org/internet-drafts/draft-legg-xed-roadmap-01.txt


Prior to LDAP, many programs duplicated application data. LDAP designed a 
shared repository. Since LDAP, we have a proliferation of 
client-server applications with uncoordinated definitions of complex data. 
XED seeks to encourage the use of XML schema for user-level 
definition of complex data, enabling searching across 
client-server applications.


During the question period, several people asked about data 
transport. Stephen explained problems with prior transport 
mechanisms, but I couldn't quite follow what he's proposing. Chris Newman 
asked about the learning curve: are we shuffling together too many 
things? Stephen agreed you won't learn it "in a day", but feels that the 
design will ease implementation.


Ted Hardie cut off further questions at 10:14 due to time 
constraints.


Leslie Daigle presented work on S-NAPTR:



http://www.ietf.org/internet-drafts/draft-daigle-napstr-03.txt


This deals with server location and discovery (not transport). Think of 
this as a layer above SRV resource records. The DDDS application defined 
here is more straightforward than unrestricted use of NAPTR records. (The 
text on some example slides was too small for the back of the room, but 
nobody chose to move forward.) The presentation slides are at:



http://www.ecotroph.net/~anewton/s-naptr-openapps.ppt


During the question period, Dave Crocker asked how much real use NAPTR is 
getting. Leslie pointed out ENUM and IRIS in the CRISP working group. Dave 
also asked why DNS should support this sort of search. Leslie answered it 
enables one domain's administrator to point to service elsewhere without 
worrying about the internal details of how that service is provided. Chris 
Newman pointed out that SRV has seen very slow deployment. Mark Andrews 
questioned whether this would exceed DNS limits. Leslie agreed it could 
blow the UDP limits, depending on how the zone is set up.


Ted Hardie cut off further questions at 10:40 due to time 
constraints.


Andrew McGregor introduced the work of the Host Identification Protocol 
BOF, running concurrently with this session. This work has been 
discussed at several prior IETFs, with no Working Group formed. The base 
protocol is more-or-less ready. The HIP protocol integrates security, 
mobility, and multi-homing, inserting a new layer between IP and 
transport, using a cryptographic Host Identifier. There are four 
Internet Drafts, and five public implementations, using four different 
operating systems.


During the question period, Paul Hoffman asked why this is 
ESP-specific. Andrew answered that you can bypass encryption. Dave 
Crocker stated he has seen six or eight dramatically different 
proposals; and that we need feedback from applications to the 
transport groups. Ted Hardie asked why this is a cryptographic 
namespace. Answer: to reduce DoS attacks. Ted also noted that 
"puzzles" are costly. Andrew noted that puzzle hardness can start near zero 
and double until the DoS disappears. Chris Newman begged that HIP limit 
itself to one API.


Ted Hardie promised to try to set up further discussion during the 
3:30-5:30 time slot on Wednesday.


Open Mike started at 11:16. Bob Morgan noted that SIMPLE is working on 
XCAP. Someone announced plans to attempt a bar-BOF on XED Wednesday or 
Thursday.


The meeting was closed at 11:24.

Slides

Service location & discovery: S-NAPTR