From: Kelvin Lawrence [mailto:klawrenc@us.ibm.com]
Sent: Monday, January 23, 2006 11:26 AM
To: Hal Lockhart
Cc: Granqvist, Hans; wss@lists.oasis-open.org; Mary McRae; James Bryce Clark
Subject: RE: [wss] WSS One Time Password

The chairs received a mail from Jamie Clark (of OASIS)
asking us not to work on this until he had a chance to discuss with the parties
involved in the appeal. This was a while ago now. I have since written back to
Jamie asking for the status but have heard nothing back so far. I am hoping
that Jamie will get back to us soon. I am not comfortable starting on this
until OASIS give us the go ahead. I am copying the OASIS staff contacts on this
e-mail so that perhaps they can let us know the status here.
Cheers
Kelvin

From: "Hal Lockhart" <hlockhar@bea.com>
Sent: 01/23/2006 10:07 AM
To: "Granqvist, Hans" <hgranqvist@verisign.com>, <wss@lists.oasis-open.org>
Subject: RE: [wss] WSS One Time Password

The way to get this going is for one or two people to volunteer to be
editor. The first task is to produce a consolidated document based on
the submissions using the OASIS template. This will require a little
work to decide what material to use from each submission. How to do this
is not completely clear to me.

It seems to me that this work would be significantly more valuable if it
could be used for integrity protection at least and perhaps
confidentiality as well.

1. Is it technologically feasible, for example, to use an OTP as the
secret in an HMAC? Or could some key derivation scheme be applied?
2. Is it even feasible to support signing and verification securely by
two parties using an OTP?
3. Can a single scheme be used for all the types of OTP cited, or do we
need a scheme per type or even per OTP algorithm?
4. Would the use of such a scheme weaken the OTP in some way?

Hal

> -----Original Message-----
> From: Granqvist, Hans [mailto:hgranqvist@verisign.com]
> Sent: Tuesday, November 08, 2005 4:29 PM
> To: wss@lists.oasis-open.org
> Subject: [wss] WSS One Time Password
>
> We voted on doing it so we should track it.
>
> I'd like to get started on this work. What's holding
> us up?
>
> Hans
>
> > -----Original Message-----
> > From: Linn, John [mailto:jlinn@rsasecurity.com]
> > Sent: Wednesday, November 02, 2005 10:41 AM
> > To: mgudgin@microsoft.com; wss@lists.oasis-open.org
> > Subject: RE: [wss] Groups - OASIS WSS Issues List 81 (OASIS
> > Web Services Security Issues List 81.htm) uploaded
> >
> > Per the TC vote on 4 October supporting work on an OTP
> > profile, and subsequent submission of input documents, would
> > it now be appropriate to add an item to the issues list to
> > begin tracking this activity, comparable to entry #338?
> >
> > --jl
> >
> > -----Original Message-----
> > From: mgudgin@microsoft.com [mailto:mgudgin@microsoft.com]
> > Sent: Tuesday, November 01, 2005 5:24 PM
> > To: wss@lists.oasis-open.org
> > Subject: [wss] Groups - OASIS WSS Issues List 81 (OASIS Web
> > Services Security Issues List 81.htm) uploaded
> >
> > The document named OASIS WSS Issues List 81 (OASIS Web
> > Services Security Issues List 81.htm) has been submitted by
> > Mr Martin Gudgin to the OASIS Web Services Security (WSS) TC
> > document repository.
> >
> > Document Description:
> > Covers decisions made during 2005-11-01 meeting.
> >
> > View Document Details:
> > http://www.oasis-open.org/apps/org/workgroup/wss/document.php?document_id=15151
> >
> > Download Document:
> > http://www.oasis-open.org/apps/org/workgroup/wss/download.php/15151/OASIS%20Web%20Services%20Security%20Issues%20List%2081.htm
> >
> > PLEASE NOTE: If the above links do not work for you, your
> > email application may be breaking the link into two pieces.
> > You may be able to copy and paste the entire link address
> > into the address field of your web browser.
> >
> > -OASIS Open Administration
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this mail list, you must leave the OASIS
> > TC that generates this mail. You may a link to this group
> > and all your TCs in OASIS at:
> > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> >