Subject: RE: [provision] Password constraints for Catalyst SPML interop


Paul

There was some talk on another thread of using default passwords managed
by the multiplexer.  That said, if no one has an issue with the
following password policy, it kind of makes more sense to have the HRMS
input screens implement the policy and have the Mycroft-Multiplexer
simply pass it on to the PSPs.

Proposed password policy for the interop

- Minimum 4 characters
- Maximum 12 characters

Unless anyone screams, this will be the policy we ask PSFT to implement
in the web user input screens...

=========================================================
Darran Rolls                      http://www.waveset.com
Waveset Technologies Inc          drolls@waveset.com 
(512) 657 8360                     
=========================================================


> -----Original Message-----
> From: Yoav Kirsch [mailto:Yoav.Kirsch@businesslayers.com]
> Sent: Friday, June 06, 2003 5:30 AM
> To: 'Paul Madsen '; ''provision@lists.oasis-open.org' '
> Cc: Sagi Gabay
> Subject: RE: [provision] Password constraints for Catalyst SPML interop
> 
> 
> OK by Business Layers
> yoav
> -----Original Message-----
> From: Paul Madsen
> To: 'provision@lists.oasis-open.org'
> Sent: 6/4/03 2:52 PM
> Subject: [provision] Password constraints for Catalyst SPML interop
> 
> Hi, any password provided by the Interop User will need to satisfy the
> requirements of the individual PSP/PSTs. Although I suspect this won't
> be an issue, I suggest that all PSPs submit these requirements so that we
> can determine what minimum criteria will satisfy all.
> 
> After appropriate configuration, Entrust's minimum requirement for the
> password is simply that it be '1' character or greater, with no
> restrictions on case, etc.
> 
> If this rule works for other PSPs then there is no need to confirm. If
> another PSP requires more constrained passwords (e.g. more characters,
> upper-case, forbidden characters, etc) that can't be configured
> out/avoided then they should alert the group.
> 
> To prevent unnecessary SPML error messages, it seems simplest to catch
> non-conformant passwords as early as possible, either at the PSFT HTML
> interface, the PSFT app, or at Mycroft. The easiest would likely be the
> first option, using a bit of JavaScript to catch them (in addition to a
> textual prompt beside the text box.)
> 
> Regards
> 
> Paul
> 
> -----------------------------------------------------------------
> Paul Madsen
> e:  p.madsen@entrust.com <mailto:p.madsen@entrust.com>
> p:  613-270-2632
> Entrust
> Securing Digital Identities
> & Information
> http://www.entrust.com
> 
> 
> You may leave a Technical Committee at any time by visiting
> http://www.oasis-open.org/apps/org/workgroup/provision/members/leave_workgroup.php
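Added example, not part of the original thread or any participant's code: one way to merge the requirements each PSP submits into a single policy and check a password against it before an SPML request is sent. Only Entrust's minimum of 1 and the proposed 4 to 12 bounds come from the thread; the `psp-example` entry, its forbidden characters, and all function names are assumptions made for illustration.

```javascript
// Per-PSP constraints. The third entry is constructed sample data.
const pspConstraints = [
  { name: "Entrust", minLength: 1 },                         // from the thread
  { name: "interop-proposal", minLength: 4, maxLength: 12 }, // from the thread
  { name: "psp-example", forbidden: " '\"" },                // constructed
];

// Tightest policy that satisfies every PSP: largest minimum, smallest
// maximum, union of forbidden characters.
function mergeConstraints(list) {
  const merged = { minLength: 1, maxLength: Infinity, forbidden: new Set() };
  for (const c of list) {
    if (c.minLength !== undefined) merged.minLength = Math.max(merged.minLength, c.minLength);
    if (c.maxLength !== undefined) merged.maxLength = Math.min(merged.maxLength, c.maxLength);
    for (const ch of c.forbidden || "") merged.forbidden.add(ch);
  }
  // Two PSPs can contradict each other (one minimum above another's maximum).
  if (merged.minLength > merged.maxLength) {
    throw new Error("PSP constraints cannot all be satisfied");
  }
  return merged;
}

// Returns a list of violations; an empty list means the password conforms.
function checkPassword(password, policy) {
  const problems = [];
  const chars = Array.from(password); // code points, not UTF-16 units
  if (chars.length < policy.minLength) problems.push(`shorter than ${policy.minLength} characters`);
  if (chars.length > policy.maxLength) problems.push(`longer than ${policy.maxLength} characters`);
  const bad = [...new Set(chars.filter((ch) => policy.forbidden.has(ch)))];
  if (bad.length > 0) problems.push(`contains forbidden characters: ${JSON.stringify(bad.join(""))}`);
  return problems;
}

const interopPolicy = mergeConstraints(pspConstraints);
```

The same `checkPassword` function can run in the HTML form and again in the PSFT app or at Mycroft, so a request that bypasses the browser check is still caught before it reaches a PSP.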


