Subject: RE: [UC-1-04:ARundgrenPush]
Evan,
I completely concur with your opinion on this issue. We do have a clear
process to follow.
We (Anders?) should write up a concrete use case, called something like
"negotiate trust relationship between partners". We should then discuss on
the mailing list/concalls to make sure the use case is described enough for
us to vote on. We should then vote on the use-case. My early prediction is
that the use case will not pass muster - certainly a lot would have to be
done to convince me to vote for it - but we will have followed the process
and we will have useful artifacts for future work.
Cheers,
Dave
> -----Original Message-----
> From: Evan Prodromou [mailto:evan@outlook.net]
> Sent: Monday, February 12, 2001 2:27 PM
> To: S2ML-USE
> Subject: Re: [UC-1-04:ARundgrenPush]
>
>
> >>>>> "HL" == Hal Lockhart <hal.lockhart@entegrity.com> writes:
>
> >> You also lack a business case. Why do you need a particular
> >> business case when we are talking about extending the access
> >> system of practically all computer systems (but with arbitrary
> >> granularity and semantics) to function over the web between
> >> different, independent and constantly changing organizations as
> >> well? IMO that's *hell* of a use case! If it is a hell to
> >> design I am not yet able to tell.
>
> I'm replying to the wrong message, so, sorry.
>
> But I think Anders has gotten to the kernel of this issue. I think for
> most of us with experience with AuthXML or S2ML, we've dealt from the
> get-go with expecting peer security systems to have arranged their
> partnership out-of-band. In other words, there are configuration
> options on each piece of software that say what data is sent as
> credentials, what profile information to share, what keys belong to
> what security system, etc.
>
> We explicitly have this called out in the current doc, saying that
> "trust negotiations must be made out-of-band." I agree with Anders
> that there's a momentous opportunity in dropping this non-goal and
> allowing the trust relationship to be negotiated IN-band ("Who are
> you? Who says that's you? What do you want?").
>
> However, I am extremely leery of this expansion of scope. I wonder if
> there's an opportunity here to stow away this use case and use it for
> a next version of [OSSML] or for even another effort of this
> TC. Something that operates well with what we do, but not part of this
> current effort.
>
> ~ESP
>
>