Subject: RE: [security-services] Smart Browser
Sorry for the late reply... I was on the road.

Indeed, I agree with Don as well. This is not a new protocol or a new cryptographic technique. It is well within SAML's context of "...using well-known security technologies utilizing a standard syntax (markup language) in the context of the Internet".

I feel that we are missing the scenario where an RP can authenticate a Subject *without* needing to query the authentication mechanism. This is a very important need and the smart browser profile, as suggested by Don, augmented via Secure Remote Password (SRP) would fulfill this need.

Thanks
Jahan

---------------------------
Jahan Moreh
Chief Security Architect
Sigaba Corp.
jmoreh@sigaba.com
cell: 310.890.9391
tel: 310.286.3070

>-----Original Message-----
>From: Flinn, Don [mailto:Don.Flinn@hitachisoftware.com]
>Sent: Thursday, October 18, 2001 7:05 AM
>To: Hal Lockhart; Oasis Sstc (E-mail)
>Subject: RE: [security-services] Smart Browser
>
>
>Hal
>
>The intent is not to invent a new protocol. The intent, as I proposed,
>is to use Kerberos, or the Needham and Schroeder protocol upon which
>Kerberos is based. The existing SAML browser protocols, IMHO, lean more
>towards the invention of new protocols than what I am suggesting.
>Specifically, I am suggesting that we use existing, well known protocols
>in the smart browser profile.
>
>Don
>
>-----Original Message-----
>From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
>Sent: Thursday, October 18, 2001 9:41 AM
>To: Flinn, Don; Oasis Sstc (E-mail)
>Subject: RE: [security-services] Smart Browser
>
>
>I don't understand the motive for inventing a new authentication
>protocol.
>History has shown that this is something which is fraught with risk. It
>seems to me that we have plenty of good ones already, they are just not
>widely deployed. This one seems particularly puzzling since it has
>essentially the same external characteristics as Kerberos.
>
>This also seems to violate what I understood to be the intent of the
>SAML requirement we all agreed to last spring.
>
>"SAML will not propose any new cryptographic technologies or models for
>security; instead, the emphasis is on description and use of well-known
>security technologies utilizing a standard syntax (markup language) in
>the context of the Internet."
>
>Hal
>
>> -----Original Message-----
>> From: Flinn, Don [mailto:Don.Flinn@hitachisoftware.com]
>> Sent: Tuesday, October 16, 2001 3:04 PM
>> To: Oasis Sstc (E-mail)
>> Subject: [security-services] Smart Browser
>>
>>
>> I had to drop out of today's focus group for another meeting.
>>
>> I would like to get a reading from the group on the Smart Browser
>> Profile concept that I put on the mailing list a couple of weeks ago.
>> There has been no discussion on this. I would like to know whether this
>> means that there is no interest and the idea should be dropped or
>> whether people thought it worthwhile, in which case I would do
>> additional work on it, or hated the idea.
>>
>> I have attached the writeup again for easy reference.
>>
>> Don
>>
>>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>