OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: SSL Mutual Authentication and the Message Service Spec

   Date: Thu, 23 Aug 2001 09:41:08 -0700
   From: Arvola Chan <arvola@tibco.com>

   More changes to the CPP/A spec will be necessary to support Basic
   Authentication. However, I seriously doubt if basic authentication which
   sends user name and password in cleartext is suitable for conducting E
   business transactions. Perhaps we should lobby the MSG TC to remove the
   requirement to support basic authentication in the 1.1 spec.

I agree that sending passwords in cleartext is right out, but perhaps
what's being contemplated here is using Basic Authentication over an
HTTPS (SSL/TLS) connection to do client authentication in cases where
the client doesn't have a private key and associated digital
certificate.  That scenario arises a lot in "B2C"; I don't know how
likely it is to come up in ebXML interactions.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC