profile/registration and binding-assertions-into-protocols

[Jeff Hodges <jhodges@oblix.com>]

I didn't get as far as I'd like tonight in terms of actually writing stuff down
about "profiles and profiling and/or registration", but have some time tomorrow
to continue to work on this stuff. 

Basically, to just convey where I'm coming from in terms of profiles -- I
believe that the examples provided especially by..

  The Blocks Extensible Exchange Protocol Core
  http://www.normos.org/ietf/draft/draft-ietf-beep-framework-11.txt

  Mapping the BEEP Core onto TCP
  http://www.normos.org/ietf/draft/draft-ietf-beep-tcpmapping-06.txt

  Simple Authentication and Security Layer (SASL)
  http://www.ietf.org/rfc/rfc2222.txt

  Using Digest Authentication as a SASL Mechanism
  http://www.ietf.org/rfc/rfc2831.txt

..are relevant and can be leveraged to a fair degree. 

There's also other examples, such as..

Service Location Protocol (SLP) Templates
ftp://ftp.isi.edu/in-notes/iana/assignments/svrloc-templates/
ftp://ftp.isi.edu/in-notes/iana/assignments/svrloc-templates/naming-directory_ldap.1.0.en

In terms of binding-assertions-into-protocols, SASL provides an example of a
general framework for "binding" authentication information into protocols,
yielding a notion of "session". LDAPv3 provides an example of a protocol that
makes use of SASL, and also of TLS/SSL. Language describing from LDAPv3's
perspective what it takes to make use of SASL and TLS/SSL is in RFCs 2829 and
2830. For BEEP's perspective, see section 4 of
draft-ietf-beep-framework-11.txt.

I think it's reasonable, given the stage we're at, to extract overall ideas,
techniques, and language from the above (I'll also look at SOAP, ebXML, etc as
IIRC they have similar aspects), as well as the pertinent sections of S2MLv0.8a
& AuthXML-2000-11-22 in order to get this stuff started. 

Thoughts?

JeffH