Subject: RE: ISSUE[UC-5-01:AuthCProtocol]
Respectfully, I disagree with dropping of non-goals. Explicitly stating which requirements are out of scope serves many purposes. The out-of-scope requirements give us a clear stated direction to move forward for future revisions, they prevent the "did you think about" questions, and they give a complete picture of the landscape of the security arena.

Cheers,
Dave

> -----Original Message-----
> From: Edwards, Nigel [mailto:Nigel_Edwards@hp.com]
> Sent: Wednesday, February 07, 2001 9:40 AM
> To: 'security-use@lists.oasis-open.org'
> Subject: ISSUE[UC-5-01:AuthCProtocol]
>
>
> > ISSUE[UC-5-01:AuthCProtocol] Straw Man 1 explicitly makes
> > challenge-response authentication a non-goal. Is specifying which
> > types of authc are allowed and what protocols they can use necessary
> > for this document? If so, which types and which protocols?
> >
> >
> In my opinion it is better to drop the non-goal in favour of listing
> explicitly what is in scope.
>
> I propose that we reuse much of the text from version 0.8a of the S2ML
> specification section 2.1. Except that we drop the third bullet point
> (it is too vague). This gives us the following.
>
> <suggestedtext>
>
> [R-SupportedAuthenticationModes]
> *Server-authenticated SSL connections from browser to web server
> *Password and user-certificate authentication from web browser
> *Existing secure peer-to-peer programming infrastructure based
> on SSL, S/MIME, and XML Signature [XML-SIG].
>
> </suggestedtext>
>
> In the last bullet listed above, I have changed "server-to-server" to
> "peer-to-peer"
>
> The following bullet has been removed (I believe it to be too vague).
> *Existing web server and related user authentication mechanisms
>
> One question to which I don't have the answer, is should SASL
> [RFC 2222] be mentioned?
>
> Nigel.
>