OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - authentication-context.pdf uploaded





Well not true, WS-Policy is a framework that can deal with any type of
assertion that conforms to the grammar defined in WS-Policy, so these can
be assurance or attestations assertions.  So my view is that the
authentication context is really not needed but rather just extend the
authentication method schema to accommodate.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           <Frederick.Hirsch|
|         |           @nokia.com>      |
|         |                            |
|         |           10/15/2003 09:20 |
|         |           AM               |
|---------+---------------------------->
  >----------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                              |
  |       To:       Anthony Nadalin/Austin/IBM@IBMUS, <security-services@lists.oasis-open.org>                                                   |
  |       cc:                                                                                                                                    |
  |       Subject:  RE: [security-services] Groups - authentication-context.pdf uploaded                                                         |
  >----------------------------------------------------------------------------------------------------------------------------------------------|




Tony

I do not believe that WS-Policy addresses the same issues as the
authentication context. For example, authentication context can say how
you've authenticated (or want to) in terms of quality of registration and
so on. Sure, this can be considered "policy" in the abstract, but from my
understanding of WS-Policy, this is not addressed specifically by the
WS-Policy drafts.

WS-Policy looks like interesting work, and perhaps there is potential for
WS-Policy to leverage the authentication context work. If and when
WS-Policy is brought to an open standards organization, perhaps that forum
would be appropriate for discussing such combinations.

Do you agree?

regards, Frederick

Frederick Hirsch
Nokia Mobile Phones




> -----Original Message-----
> From: ext Anthony Nadalin [mailto:drsecure@us.ibm.com]
> Sent: Wednesday, October 15, 2003 4:03 PM
> To: security-services@lists.oasis-open.org
> Subject: RE: [security-services] Groups - authentication-context.pdf
> uploaded
>
>
>
>
>
>
>
> >This enables SP to make the right business decision and execute the
> transaction properly.
>
> This is a prime example of policy (WS-Policy), not
> authentication context
> as it goes beyond authentication
>
> Anthony Nadalin
>
>
>
> To unsubscribe from this mailing list (and be removed from
> the roster of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/security-services
/members/leave_workgroup.php.


To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php
.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]