Project Moonshot is a Janet-led initiative, in partnership with the GÉANT project and others, to develop a single unifying technology for extending the benefits of federated identity to a broad range of non-Web services, including Cloud infrastructures, High Performance Computing & Grid infrastructures and other commonly deployed services including mail, file store, remote access and instant messaging. The goal of the technology is to enable the management of access to a broad range of services and applications, using a single technology and infrastructure. This is expected to significantly improve the delivery of these services by providing users with a common single sign-on for both internal and external services. Service providers will be able to more easily offer their services to users from other organisations using a single common authentication mechanism. This will enhance the user’s experience and reduce costs for those organisations supporting users and delivering services to them.

This group is for the community of Moonshot users, whether you're new to the technology, you're currently evaluating and getting to grips with it, or you've deployed it. For the list of guidance available about Moonshot within this group, see the Start Here wiki page.

Jisc Assent, the production service underpinned by the Moonshot technology, went live on 25th March 2015. For information on, or to join, the Jisc Assent service, please visit http://www.jisc.ac.uk/assent

Moonshot standards milestone achieved

21 January 2014 at 3:22pm

Those of you who have been following Moonshot for a while will be aware that from the outset we have been keen to get the technology adopted as a standard. Thanks to the hard work of the Application Bridging for Federated Access Beyond web (ABFAB) Working Group of the IETF, December saw an important milestone with the publication of three Moonshot-related RFC documents:

RFC 7055

Title: A GSS-API Mechanism for the Extensible Authentication Protocol

Author: S. Hartman, Ed., J. Howlett

URL: http://www.rfc-editor.org/rfc/rfc7055.txt

This document defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (GSS-API) when using the Extensible Authentication Protocol mechanism.  Through the GS2 family of mechanisms defined in RFC 5801, these protocols also define how Simple Authentication and Security Layer (SASL) applications use the Extensible Authentication Protocol.

RFC 7056

Title: Name Attributes for the GSS-API Extensible Authentication Protocol (EAP) Mechanism

Author: S. Hartman, J. Howlett

URL: http://www.rfc-editor.org/rfc/rfc7056.txt

The naming extensions to the Generic Security Service Application Programming Interface (GSS-API) provide a mechanism for applications to discover authorization and personalization information associated with GSS-API names.  The Extensible Authentication Protocol GSS-API mechanism allows an Authentication, Authorization, and Accounting (AAA) peer to provide authorization attributes alongside an authentication response.  It also supplies mechanisms to process Security Assertion Markup Language (SAML) messages provided in the AAA response.  This document describes how to use the Naming Extensions API to access that information.

RFC 7057

Title: Update to the Extensible Authentication Protocol (EAP) Applicability Statement for Application Bridging for Federated Access Beyond Web (ABFAB)

Author: S. Winter, J. Salowey

URL: http://www.rfc-editor.org/rfc/rfc7057.txt

This document updates the Extensible Authentication Protocol (EAP) applicability statement from RFC 3748 to reflect recent usage of the EAP protocol in the Application Bridging for Federated Access Beyond web (ABFAB) architecture.

These documents are now Proposed Standards in the IETF Standards track. A Proposed Standard specification is “... generally stable, has resolved known design choices, is believed to be well-understood, has received significant community review, and appears to enjoy enough community interest to be considered valuable.”

Following close on their heels is Application Bridging for Federated Access Beyond Web (ABFAB) Architecture, which has reached “last call status”, so it should be published soon.

This milestone is a great achievement and the authors and the wider ABFAB Working Group should be congratulated.