Network Working Group                                       D. Gustafson
Request for Comments: 3760                             Future Foundation
Category: Informational                                          M. Just
                                                Treasury Board of Canada
                                                              M. Nystrom
                                                            RSA Security
                                                              April 2004


 Securely Available Credentials (SACRED) - Credential Server Framework

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   As the number, and more particularly the number of different types,
   of devices connecting to the Internet increases, credential mobility
   becomes an issue for IETF standardization.  This document responds to
   the requirements on protocols for secure exchange of credentials
   listed in RFC 3157, by presenting an abstract protocol framework.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Functional Overview. . . . . . . . . . . . . . . . . . . . . .  2
       2.1.  Definitions. . . . . . . . . . . . . . . . . . . . . . .  2
       2.2.  Credentials. . . . . . . . . . . . . . . . . . . . . . .  4
       2.3.  Network Architecture . . . . . . . . . . . . . . . . . .  5
   3.  Protocol Framework . . . . . . . . . . . . . . . . . . . . . .  6
       3.1.  Credential Upload. . . . . . . . . . . . . . . . . . . .  8
       3.2.  Credential Download. . . . . . . . . . . . . . . . . . . 10
       3.3.  Credential Removal . . . . . . . . . . . . . . . . . . . 11
       3.4.  Credential Management. . . . . . . . . . . . . . . . . . 12
   4.  Protocol Considerations. . . . . . . . . . . . . . . . . . . . 12
       4.1.  Secure Credential Formats. . . . . . . . . . . . . . . . 12
       4.2.  Authentication Methods . . . . . . . . . . . . . . . . . 13
       4.3.  Transport Protocol Suites. . . . . . . . . . . . . . . . 16
   5.  Security Considerations. . . . . . . . . . . . . . . . . . . . 17
       5.1.  Communications Security. . . . . . . . . . . . . . . . . 17
       5.2.  Systems Security . . . . . . . . . . . . . . . . . . . . 18



Gustafson, et al.            Informational