OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Smart Browser

Hal

The intent is not to invent a new protocol.  The intent, as I proposed,
is to use Kerberos, or the Needham and Schroedar protocol upon which
Kerberos is based.  The existing SAML browser protocols, IMHO, lean more
towards the invention of new protocols than what I am suggesting.
Specifically, I am suggesting that we use existing, well known protocols
in the smart browser profile.

Don

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, October 18, 2001 9:41 AM
To: Flinn, Don; Oasis Sstc (E-mail)
Subject: RE: [security-services] Smart Browser


I don't understand the motive for inventing a new authentication
protocol.
History has shown that this is something which is fraught with risk. It
seems to me that we have plenty of good ones already, they are just not
widely deployed. This one seems particularly puzzling since is has
essentially the same external characteristics as Kerberos.

This also seems to violate what I understood to be the intent of the
SAML
requirement we all agreed to last spring.

"SAML will not propose any new cryptographic technologies or models for
security; instead, the emphasis is on description and use of well-known
security technologies utilizing a standard syntax (markup language) in
the
context of the Internet."

Hal 

> -----Original Message-----
> From: Flinn, Don [mailto:Don.Flinn@hitachisoftware.com]
> Sent: Tuesday, October 16, 2001 3:04 PM
> To: Oasis Sstc (E-mail)
> Subject: [security-services] Smart Browser
> 
> 
> I had to drop out of today's focus group for another meeting.  
> 
> I would like to get a reading from the group on the Smart Browser
> Profile concept that I put on the mailing list a couple of weeks ago.
> There has been no discussion on this.  I would like to know 
> whether this
> means that there is no interest and the idea should be dropped or
> whether people thought it worthwhile, in which case I would do
> additional work on it, or hated the idea.  
> 
> I have attached the writeup again for easy reference.
> 
> Don
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC