[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-taxii] Items in scope vs out of scope
These are all great points and this is why I would like to insist that we have a defined extension point in the authentication process for TAXII 2.0. It would be great if this was also discoverable so clients could auto detect. But we may need to make that optional. Can anyone speak to that? HTTP Basic + JWT as the MTI seems like a good idea that most people can get behind. It is just important to note that you could have a policy that says you do not accept HTTP Basic + JWT authentication. In this case you could just respond with a simple error message and either tell the user why or not, depending on your security model. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]