Subject: RE: [security-services] Groups - authentication-context.pdf uploaded
Is there a reason not to use the schemas defined in the authentication context specification to represent context information useful for policy, even if used in conjunction with WS-Policy?

Is there a schedule for when WS-Policy will be submitted to an open standards organization, enabling it to be considered more fully?

regards, Frederick

Frederick Hirsch
Nokia Mobile Phones

> -----Original Message-----
> From: ext John Kemp [mailto:john.kemp@earthlink.net]
> Sent: Wednesday, October 15, 2003 12:41 PM
> To: Anthony Nadalin
> Cc: security-services@lists.oasis-open.org
> Subject: Re: [security-services] Groups - authentication-context.pdf uploaded
>
> I think there are subtle differences between authentication method,
> authentication context, and what I will call authentication context
> policy:
>
> From reading the WS-Policy document, I see that it provides a framework
> for expressing policy decisions. So, one might imagine I could
> enumerate both the authentication method policy I support as well as
> potentially the authentication context policy I support, using that
> framework. This seems similar to the WS-SecurityPolicy document that
> describes the interface between WS-Security and WS-Policy.
>
> So, if one of my authentication contexts were MobileTwoFactorContract
> authentication, the authentication methods might be
>
> a) presence of SIM
> b) entry of PIN
>
> As an authentication authority, my policy might be to offer this
> context for my authentications. As a client/relying party of that
> authentication authority, I may have the policy that I will accept only
> MobileTwoFactorContract authentication (and I may also either care or
> not care what the two factors/methods are). Such policies could
> presumably be expressed using WS-Policy and by creating extensions for
> authentication contexts in a similar fashion to those created for
> expressing WS-Security related policies.
>
> - JohnK
>
> On Wednesday, Oct 15, 2003, at 11:09 US/Eastern, Anthony Nadalin wrote:
>
> > Well not true, WS-Policy is a framework that can deal with any type of
> > assertion that conforms to the grammar defined in WS-Policy, so these
> > can be assurance or attestations assertions. So my view is that the
> > authentication context is really not needed but rather just extend the
> > authentication method schema to accommodate.
> >
> > Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
> >
> > From: <Frederick.Hirsch@nokia.com>
> > Date: 10/15/2003 09:20 AM
> > To: Anthony Nadalin/Austin/IBM@IBMUS, <security-services@lists.oasis-open.org>
> > cc:
> > Subject: RE: [security-services] Groups - authentication-context.pdf uploaded
> >
> > Tony
> >
> > I do not believe that WS-Policy addresses the same issues as the
> > authentication context. For example, authentication context can say how
> > you've authenticated (or want to) in terms of quality of registration
> > and so on. Sure, this can be considered "policy" in the abstract, but from
> > my understanding of WS-Policy, this is not addressed specifically by the
> > WS-Policy drafts.
> >
> > WS-Policy looks like interesting work, and perhaps there is potential
> > for WS-Policy to leverage the authentication context work. If and when
> > WS-Policy is brought to an open standards organization, perhaps that
> > forum would be appropriate for discussing such combinations.
> >
> > Do you agree?
> >
> > regards, Frederick
> >
> > Frederick Hirsch
> > Nokia Mobile Phones
> >
> >> -----Original Message-----
> >> From: ext Anthony Nadalin [mailto:drsecure@us.ibm.com]
> >> Sent: Wednesday, October 15, 2003 4:03 PM
> >> To: security-services@lists.oasis-open.org
> >> Subject: RE: [security-services] Groups - authentication-context.pdf uploaded
> >>
> >>> This enables SP to make the right business decision and execute the
> >>> transaction properly.
> >>
> >> This is a prime example of policy (WS-Policy), not authentication context
> >> as it goes beyond authentication
> >>
> >> Anthony Nadalin
> >>
> >> To unsubscribe from this mailing list (and be removed from
> >> the roster of the OASIS TC), go to
> >> http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.
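
The relying-party policy John Kemp describes above (accept only MobileTwoFactorContract, and optionally care which methods make it up), sketched as an added example that is not part of the original thread. It assumes the element names and class URIs of the later SAML 2.0 specifications; the authority's method catalogue, the method names and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
M2F = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
PWD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"

# Hypothetical catalogue published by the authentication authority: the
# methods behind each context it offers (method names are made up here).
AUTHORITY_CONTEXTS = {M2F: {"sim-presence", "pin-entry"}, PWD: {"password"}}


def make_assertion(class_ref):
    """Build a constructed, unsigned assertion fragment for the demo."""
    ctx = ""
    if class_ref:
        ctx = ("<saml:AuthnContext><saml:AuthnContextClassRef>"
               f"{class_ref}"
               "</saml:AuthnContextClassRef></saml:AuthnContext>")
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}">'
            f"<saml:AuthnStatement>{ctx}</saml:AuthnStatement>"
            "</saml:Assertion>")


def asserted_contexts(assertion_xml):
    """Return every context class the assertion claims (may be empty)."""
    # In real use the assertion's signature is verified before this point.
    root = ET.fromstring(assertion_xml)
    path = "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    return [(ref.text or "").strip() for ref in root.findall(path, NS)]


def evaluate(assertion_xml, accepted_contexts, required_methods=None):
    """Relying-party decision as (allowed, reason); fails closed."""
    contexts = asserted_contexts(assertion_xml)
    if not contexts:
        return False, "no authentication context asserted"
    for ctx in contexts:
        if ctx not in accepted_contexts:  # exact string match only
            return False, f"context not accepted: {ctx}"
        methods = AUTHORITY_CONTEXTS.get(ctx, set())
        if required_methods and not required_methods <= methods:
            missing = sorted(required_methods - methods)
            return False, f"context lacks required methods: {missing}"
    return True, "accepted"


if __name__ == "__main__":
    print(evaluate(make_assertion(M2F), {M2F}))
    print(evaluate(make_assertion(PWD), {M2F}))
    print(evaluate(make_assertion(None), {M2F}))
```

Passing `required_methods` models the relying party that cares what the two factors are; leaving it out models the one that only cares about the context name.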