
security-use message



Subject: ISSUE[UC-5-01:AuthCProtocol]


> ISSUE[UC-5-01:AuthCProtocol] Straw Man 1 explicitly makes
> challenge-response authentication a non-goal. Is specifying which
> types of authc are allowed and what protocols they can use necessary
> for this document? If so, which types and which protocols?
> 
> 
In my opinion it is better to drop the non-goal in favour of listing
explicitly what is in scope.

I propose that we reuse much of the text from version 0.8a of the S2ML
specification section 2.1, except that we drop the third bullet point
(it is too vague). This gives us the following.

<suggestedtext>

[R-SupportedAuthenticationModes]
  *Server-authenticated SSL connections from browser to web server
  *Password and user-certificate authentication from web browser
  *Existing secure peer-to-peer programming infrastructure based
   on SSL, S/MIME, and XML Signature [XML-SIG].

</suggestedtext>

In the last bullet listed above, I have changed "server-to-server" to
"peer-to-peer".

The following bullet has been removed (I believe it to be too vague).
 *Existing web server and related user authentication mechanisms

One question to which I don't have the answer is: should SASL
[RFC 2222] be mentioned?

Nigel.

