OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: Challenge-Response/OBI & S2ML (Anders Rundgren's suggestion )


I agree with you that use-cases and requirements need
to be developed first. Suggestions to cover one area
of security or another should be driven by some 
use-cases.
It would also help if there were some informal explanation
of the general utility of providing a standard for 
the feature of interest.

There has been some attempt to articulate use-cases and
requirements in S2ML 0.8a. I feel it certainly provides a 
point of reference and a place to start from. Of course,
this group can discuss any topic that matches the group charter.


- prateek mishra


> -----Original Message-----
> From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
> Sent: Thursday, January 11, 2001 2:07 PM
> To: 'Anders Rundgren'; Orchard, David;
> security-services@lists.oasis-open.org
> Subject: RE: Challenge-Response/OBI & S2ML (Anders Rundgren's 
> suggestion
> )
> 
> 
> I for one would like to see a clear statement of what you are 
> proposing.
> 
> Since the TC just had its first meeting and there was no 
> technical content
> discussed, I don't see how anybody can claim that such and 
> such is in or out
> of the spec at this point. In my opinion, as we agreed, S2ML 
> is one of the
> inputs to this work, but as of today, the TC has NO documents.
> 
> I also don't see how you can answer a question like Anders' 
> without agreeing
> on some use cases. If we agree to support a use case that requires his
> whatever it is, them we must support that feature. 
> 
> Conversely, as a general principle, we should not put 
> anything in the specs
> that is not required by some use case.
> 
> Hal
> 
> > -----Original Message-----
> > From: Anders Rundgren [mailto:anders.rundgren@telia.com]
> > Sent: Thursday, January 11, 2001 1:22 PM
> > To: Orchard, David; security-services@lists.oasis-open.org
> > Subject: Re: Challenge-Response/OBI & S2ML (Anders Rundgren's 
> > suggestion
> > )
> > 
> > 
> > David,
> > 
> > > I guess it's open to debate, but Jamcracker plans on voting 
> > against any
> > > addition of challenge/response of credentials.  
> > 
> > As I wrote to Zahid, it is not such a surprise if the 
> > original authors want to continue on
> > the path *they* set.  I have no problems with your position, 
> > but I do think that either
> > we take that voting pretty soon to avoid potentially endless 
> > boring debates and flamings,
> > or assign a sub-group to prepare material for general comments.
> > 
> > If there is a majority supporting the current scheme (in 
> > spite of not seen any
> > alternatives whatsoever) the voting should be quick and painless.
> > 
> > So I would like to Challenge the TC!  Now, where is the 
> > Response?  :-) :-)
> > 
> > - NO
> > - YES
> > - or limited-time task-force
> > 
> > Regards
> > Anders
> > 
> 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC