OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss] Authentication Token

Title: RE: [dss] Authentication Token

I would be supportive of the proposal since it could be usefull for codesigning profile as well.

Cheers

Pieter

-----Original Message-----
From: Ed Shallow [mailto:ed.shallow@rogers.com]
Sent: 19 October 2004 20:04
To: Nick Pope; OASIS DSS TC
Subject: Re: [dss] Authentication Token

Nick,
 
    Well put. I like the extensibility of the RequesterIdentity structure (i.e. the SupportingInfo). Perhaps we could add SupportingInfo to ClaimedIdentity. In the EPM profile draft I had reused RequesterIdentity as an OptionalInput.

 
Ed

Nick Pope <pope@secstan.com> wrote:

        As discussed at yesterdays phone conference:
       
        a) In in discuss the JP Morgan/RSA system the requirement to add the
        capability to carry an authentication token (one time password, SAML
        assertion ...) in a DSS has been identified
       
        b) A similar requirement has been identified in EPM
       
        Previously, it had been decided that such a capability was not necessary as
        such authentication information could be carried in the underlying binding.
        Although there were views that such a feature would be useful, at the time
        the case was not strong enough for putting this in the core.
       
        Given that there are two profiles where this need has come up again, I would
        suggest that we need to revisit whether such an element should be added to
        the core.
       
        The element to carry such an authentication token could be either a new
        optional input, or an extensi on to ClaimedId. I would prefer an extension
        to the ClaimedId element as the authentication is logically associated with
        the Id.
       
        Views?
       
       
        Nick
       
        PS:
        Whilst looking at this I note that the saml:NameIdentifierType that we use
        has been replaced in the new SAML assertion syntax by "NameIDType". Do we
        want to follow them, stay referring to an old syntax, or split off from
        SAML?
       
       
       
        To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php.

       
       

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]