OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

provision message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [provision] Password operations...

My take is that 

Password Validation is typically used by password mgmt systems to validate
the a given password actually matches the encrypted one. This is more of an
authentication event and not a provisioning event so I do not see how it
really relate to SPML.

As for checking password against policies, it is a useful service for a
password mgmt RA that would like to enforce policies without actually
changing passwords. Nevertheless, it seems to be more straight forward and
more relevant to SPML to provide a proper response to the Change Password
operation instead of shifting the password policy logic checking to the RA .

Doron


-----Original Message-----
From: Jeff Bohren [mailto:jbohren@opennetwork.com] 
Sent: Wednesday, May 05, 2004 6:48 PM
To: provision@lists.oasis-open.org
Subject: RE: [provision] Password operations...



Good question. I'm not sure if there is a difference, unless one means to
just validate and return a true or false and the other means to return the
policy that the password failed, if indeed it failed.

That, of course, is a very interesting issue. If we define an operation that
checks passwords against policies, should that operation be able to return
policies that the password violates? If so, then do we need to define a
standard representation of password policies?

Jeff Bohren
Product Architect
OpenNetwork Technologies, Inc
 
Try the industry's only 100% .NET-enabled identity management software.
Download your free copy of Universal IdP Standard Edition today. Go to
www.opennetwork.com/eval.
 


-----Original Message-----
From: Gary Cole [mailto:Gary.P.Cole@Sun.COM] 
Sent: Wednesday, May 05, 2004 11:33 AM
To: Jeff Bohren
Cc: provision@lists.oasis-open.org
Subject: Re: [provision] Password operations...


What's the difference between 'validatePassword' and 
'checkPasswordAgainstPolicy'?  Does 'validatePassword' check for a match

to the current password value?

Jeff Bohren wrote:

> In a previous thread Gerry brought up some other password related
> operations:
>  
> validatePassword(id, password)
> checkPasswordAgainstPolicy(password)
> generatePassword(id)
> It seems that these would be really useful, but so far they have not 
> been raised formally as use cases or requirements. I would like to see

> use cases and requirements added for these operations. How does the
> rest of the committee feel about it? Would these be operations that 
> you would like SPML 2.0 to support? Would you prefer to see the 
> support implicit or explicit?
>  
> Are there any other password related operations that anyone can think
> of?
>  
> Jeff Bohren
> Product Architect
> OpenNetwork Technologies, Inc
>  
> *Try the industry's only 100% .NET-enabled identity management 
> software. Download your free copy of Universal IdP Standard Edition 
> today. Go to **www.opennetwork.com/eval*
> <http://www.opennetwork.com/eval>*.*
>  
>  




To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgro
up.php.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]