dsml-comment message


Subject: Public Comment


Comment from: bruno.grossmann@pwgsc.gc.ca

Hello,
I have been working on implementing a DSML to LDAP gateway to provide additional services to our client departments. I have made good progress on this project. I am now implementing the part which deals with authentication but I just realized that DSML does not allow for simple authentication, and that, as of now, there does not seem to be another authentication mechanism available. I am totally baffled by this, as I do not believe volatile directory operations can safely be performed with a simple out-of-band authentication mechanism. I thus have two comments on this issue:

a) The fact that simple authentication is not supported in DSML v2 should be clearly stated in the specs document. The existing section on authentication (1.1) should be much more explicit as to what type of authentication is available. If some DSML-compliant products do indeed support out-of-band authentication, the authentication mechanism should be provided (either in the specs or in a companion document);
b) I would suggest the DSML TC reconsider using a DSML authentication mechanism. As you can probably tell from the above comment, I think it is not safe to use an out-of-band mechanism. If plaintext passwords are considered too risky, safer authentication algorithms should be considered - but they should still be part of DSML, not outside of it.

Regards.

