[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Challenge-Response/OBI & S2ML (Anders Rundgren's suggestion )
I agree with you that use-cases and requirements need to be developed first. Suggestions to cover one area of security or another should be driven by some use-cases. It would also help if there were some informal explanation of the general utility of providing a standard for the feature of interest. There has been some attempt to articulate use-cases and requirements in S2ML 0.8a. I feel it certainly provides a point of reference and a place to start from. Of course, this group can discuss any topic that matches the group charter. - prateek mishra > -----Original Message----- > From: Hal Lockhart [mailto:hal.lockhart@entegrity.com] > Sent: Thursday, January 11, 2001 2:07 PM > To: 'Anders Rundgren'; Orchard, David; > security-services@lists.oasis-open.org > Subject: RE: Challenge-Response/OBI & S2ML (Anders Rundgren's > suggestion > ) > > > I for one would like to see a clear statement of what you are > proposing. > > Since the TC just had its first meeting and there was no > technical content > discussed, I don't see how anybody can claim that such and > such is in or out > of the spec at this point. In my opinion, as we agreed, S2ML > is one of the > inputs to this work, but as of today, the TC has NO documents. > > I also don't see how you can answer a question like Anders' > without agreeing > on some use cases. If we agree to support a use case that requires his > whatever it is, them we must support that feature. > > Conversely, as a general principle, we should not put > anything in the specs > that is not required by some use case. > > Hal > > > -----Original Message----- > > From: Anders Rundgren [mailto:anders.rundgren@telia.com] > > Sent: Thursday, January 11, 2001 1:22 PM > > To: Orchard, David; security-services@lists.oasis-open.org > > Subject: Re: Challenge-Response/OBI & S2ML (Anders Rundgren's > > suggestion > > ) > > > > > > David, > > > > > I guess it's open to debate, but Jamcracker plans on voting > > against any > > > addition of challenge/response of credentials. > > > > As I wrote to Zahid, it is not such a surprise if the > > original authors want to continue on > > the path *they* set. I have no problems with your position, > > but I do think that either > > we take that voting pretty soon to avoid potentially endless > > boring debates and flamings, > > or assign a sub-group to prepare material for general comments. > > > > If there is a majority supporting the current scheme (in > > spite of not seen any > > alternatives whatsoever) the voting should be quick and painless. > > > > So I would like to Challenge the TC! Now, where is the > > Response? :-) :-) > > > > - NO > > - YES > > - or limited-time task-force > > > > Regards > > Anders > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC