APPAREA Open Meeting Minutes

The Applications Area Open Meeting of the 58th IETF was held the morning of November 10th, 2003, in Salon F, with about 95 persons present. Marshall Rose volunteered to be Jabber Scribe, and John Leslie volunteered to take minutes.

Ted Hardie called the meeting to order at 9:01. Ted announced that Ned Freed is much recovered from surgeries, but still not able to travel. He can be reached by email.

Under Agenda-bashing, Ted explained the conflict with HIPBOF, scheduled for this same time period. Ted suggested we schedule a second meeting Wednesday afternoon if it turns out we need interaction between the HIPBOF people and the rest of us.

Chris Newman presented an extension to the IMAP protocol (URLAUTH) for "Pawn Ticket" authorization without authentication.

http://www.ietf.org/internet-drafts/draft-crispin-imap-urlauth-04.txt

In the interests of scalability, it is assumed that the submit function may be on a separate machine, which will access the message store to access authorized pieces for forwarding. This will prove helpful for bandwidth-limited clients such as cell phones.

In the question period, Bob Morgan commented on the interest in attribute-based authentication. Hilary Orman asked whether possible backlash from misunderstandings about the limited security was considered. For example, responses at an Internet Cafe may be cached. Chris responded that pawn tickets can be time-limited. Lisa Dusseault mentioned experience with WEBDAV. Dave Crocker opined that this provides better security through fine-grained access control. Bob Morgan talked about problems with everyone sticking stuff at the end of URLs. It would be good to standardize this, but beware of reusing the existing auth slot.

Ted Hardie asked if we should start a mailing-list to discuss this. There was interest in that.

Stephen Legg presented work on XML Enabled Directories:

http://www.ietf.org/internet-drafts/draft-legg-xed-roadmap-01.txt

Prior to LDAP, many programs duplicated application data. LDAP designed a shared repository. Since LDAP, we have a proliferation of client-server applications with uncoordinated definitions of complex data. XED seeks to encourage the use of XML schema for user-level definition of complex data, enabling searching across client-server applications.

During the question period, several people asked about data transport. Stephen explained problems with prior transport mechanisms, but I couldn't quite follow what he's proposing. Chris Newman asked about the learning curve: are we shuffling together too many things? Stephen agreed you won't learn it "in a day", but feels that the design will ease implementation.

Ted Hardie cut off further questions at 10:14 due to time constraints.

Leslie Daigle presented work on S-NAPTR:

http://www.ietf.org/internet-drafts/draft-daigle-napstr-03.txt

This deals with server location and discovery (not transport). Think of this as a layer above SRV resource records. The DDDS application defined here is more straightforward than unrestricted use of NAPTR records. (The text on some example slides was too small for the back of the room, but nobody chose to move forward.) The presentation slides are at:

http://www.ecotroph.net/~anewton/s-naptr-openapps.ppt

During the question period, Dave Crocker asked how much real use NAPTR is getting. Leslie pointed out ENUM and IRIS in the CRISP working group. Dave also asked why DNS should support this sort of search. Leslie answered it enables one domain's administrator to point to service elsewhere without worrying about the internal details of how that service is provided. Chris Newman pointed out that SRV has seen very slow deployment. Mark Andrews questioned whether this would exceed DNS limits. Leslie agreed it could blow the UDP limits, depending on how the zone is set up.

Ted Hardie cut off further questions at 10:40 due to time constraints.

Andrew McGregor introduced the work of the Host Identification Protocol BOF, running concurrently with this session. This work has been discussed at several prior IETFs, with no Working Group formed. The base protocol is more-or-less ready. The HIP protocol integrates security, mobility, and multi-homing, inserting a new layer between IP and transport, using a cryptographic Host Identifier. There are four Internet Drafts, and five public implementations, using four different operating systems.

During the question period, Paul Hoffman asked why this is ESP-specific. Andrew answered that you can bypass encryption. Dave Crocker stated he has seen six or eight dramatically different proposals; and that we need feedback from applications to the transport groups. Ted Hardie asked why this is a cryptographic namespace. Answer, to reduce DoS attacks. Ted also noted that "puzzles" are costly. Andrew noted that puzzle hardness can start near zero and double until the DoS disappears. Chris Newman begged that HIP limit itself to one API.

Ted Hardie promised to try to set up further discussion during the 3:30-5:30 time slot on Wednesday.

Open Mike started at 11:16. Bob Morgan noted that SIMPLE is working on XCAP. Someone announced plans to attempt a bar-BOF on XED Wednesday or Thursday.

The meeting was closed at 11:24.