
security-use message



Subject: RE: Use Cases & Requirements, Straw Man 1


> -----Original Message-----
> From: Edwards, Nigel [mailto:Nigel_Edwards@hp.com]
> Sent: Monday, January 29, 2001 11:27 AM
> To: UseCaseList
> Subject: RE: Use Cases & Requirements, Straw Man 1

...

> One of the non-goals is listed as: "Challenge-response authentication
> protocols are outside the scope of [OSSML]." Therefore are all other 
> possible classes of authentication protocols in? If we want to
> restrict the authentication protocols allowed, then I think it would
> be better to list the ones in-scope explicitly.

I also am puzzled by this item.

I don't know the agenda of the concall tomorrow, but perhaps we could
discuss it.

I would like to know:

1) Precisely what is meant by "Challenge-response authentication protocols"?
CHAP? MS C/R? a credentials negotiation scheme like Shibboleth?

2) If we are simply exchanging assertions about authentications which have
already occurred and we trust the source of the assertion, why do we care how
the authentication was done, except to record the method as a part of the
assertion?

3) What is the rationale for excluding these protocols in particular?

I also agree with Nigel's suggestion that a list of what is supported would
be preferable to the current statement.

Hal

