Application Bridging for Federated Access Beyond Web Architecture
RFC 7831, “Application Bridging for Federated Access Beyond Web Architecture”, is an Informational document published in May 2016 by J. Howlett, S. Hartman, H. Tschofenig, and J. Schaad. The canonical text is published by the RFC Editor.
Abstract
Over the last decade, a substantial amount of work has occurred in the space of federated access management. Most of this effort has focused on two use cases: network access and web-based access. However, the solutions to these use cases that have been proposed and deployed tend to have few building blocks in common.
This memo describes an architecture that makes use of extensions to the commonly used security mechanisms for both federated and non-federated access management, including the Remote Authentication Dial-In User Service (RADIUS), the Generic Security Service Application Program Interface (GSS-API), the Extensible Authentication Protocol (EAP), and the Security Assertion Markup Language (SAML). The architecture addresses the problem of federated access management to primarily non-web-based services, in a manner that will scale to large numbers of Identity Providers, Relying Parties, and federations.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 7831 is hosted at rfc-editor.org. Available in TXT, HTML.
- RFC 7830 The EDNS Padding Option
- RFC 7832 Application Bridging for Federated Access Beyond Web Use Cases
- RFC 7829 SCTP-PF: A Quick Failover Algorithm for the Stream Control Transmission Protocol
- RFC 7833 A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language
- RFC 7828 The edns-tcp-keepalive EDNS0 Option
- RFC 7834 Locator/ID Separation Protocol Impact
- RFC 7827 The Role of the IRTF Chair
- RFC 7835 Locator/ID Separation Protocol Threat Analysis