OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Challenge-Response/OBI & S2ML (Anders Rundgren's suggestion)

I guess it's open to debate, but Jamcracker plans on voting against any
addition of challenge/response of credentials.  

Anders, you have to weigh the utility of pushing through an agenda that has
significant probability of a lack of success.  I have the same dilemma on
trying to remove authorization challenge/response but decided to fold the
hand given the other members stated public intentions and lack of any other
member stepping forward.  

Committees work best when we try to focus on what is achievable given the
other members stated and often unstated positions.

I think it's Kenny Rogers who sings "You gotta know when to hold 'em, know
when to fold 'em, know when to run".

Dave Orchard
XML Architect
Jamcracker Inc.,    14000 Homestead Dr., Sunnyvale, CA 94086
p: 408.864.5118     f: 408.725.4310

Named to Red Herring's list of 100 Most Important Companies:

> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@telia.com]
> Sent: Thursday, January 11, 2001 4:27 AM
> To: Ahmed, Zahid; security-services@lists.oasis-open.org
> Subject: Re: Challenge-Response/OBI & S2ML (Anders Rundgren's
> suggestion)
> > I have reviewed all of your e-mails expressing concerns
> > about not including Challenge-Response.
> > 
> > Overall, I agree with Phil's previous response:
> Zahid,
> That is not such a surprise as you are one of the S2ML authors :-)
> You did however not respond to my request: Is this open for 
> debate or is the
> decision final?
> Regarding the technical part of this, I suspect that we (all) 
> may not even refer to the same
> thing and the likely scenarious which makes it very hard for 
> anyone to have an opinion above
> the level "we must have this" or "this is out of scope".  It 
> *is* fairly complicated.  It would be
> interesting to know why MACE-Shibbeloth uses (sort of) C-A 
> Auth if it is "redundant" (Bob, are there?)
> If any *real* progress is to be made, a sub-commitee or 
> ad-hoc group should be formed.
> Regards
> Anders

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC