RE: [security-services] Credentials collection proposal

["Mishra, Prateek" <pmishra@netegrity.com>]

Title: Credentials collection proposal

Mike,

 

a couple of comments:

 

(1) The authentication authority is the centralized respository for authentication

information, not the CC (I believe Hal has already made this point).

 

(2) If the CC is limited to collecting and packaging credentials, for challenge-response

protocols we will need a multi-step interaction between:

 

CC and AA

CC and System Entity

 

The latter is out-of-scope (right?) but we need to worry about the former.

 

(3) The WS-Security work defines several forms of XML credential (certificate,

name-password etc.). Would it be reasonable to link to that? I guess you have

already done that in a way by allowing for future support for XML credentials.

 

- prateek

 

-----Original Message-----
From: Mike Just [mailto:Mike.Just@entrust.com]
Sent: Friday, September 13, 2002 5:04 PM
To: 'security-services@lists.oasis-open.org'
Subject: [security-services] Credentials collection proposal

As promised, here's a short (just 3 1/2 pages) proposal for incorporating credentials collection (i.e. a *new* authentication request) into SAML 2.0.  We can discuss on the conference call on Tuesday.

Cheers,
Mike

P.S. Apologies if the schema I've included is horribly incorrect.