OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Smart Browser

Sorry for the late reply....I was on the road.

Indeed, I agree with Don as well. This is not a new protocol or a new
cryptographic technique. It is well within SAML's context of "...using
security technologies utilizing a standard syntax (markup language) in the
context of the Internet". I feel that we are missing the scenario where a RP
can authenticate a Subject *without* needing to query the authentication
mechanism. This is a very important need and the smart browser profile, as
suggested by Don, augmented via Secure Remote Password (SRP) would fulfill
this need.


Jahan Moreh
Chief Security Architect
Sigaba Corp.
jmoreh@sigaba.com <mailto:jmoreh@sigaba.com> 
cell: 310.890.9391
tel: 310.286.3070

>-----Original Message-----
>From: Flinn, Don [mailto:Don.Flinn@hitachisoftware.com]
>Sent: Thursday, October 18, 2001 7:05 AM
>To: Hal Lockhart; Oasis Sstc (E-mail)
>Subject: RE: [security-services] Smart Browser
>The intent is not to invent a new protocol.  The intent, as I proposed,
>is to use Kerberos, or the Needham and Schroedar protocol upon which
>Kerberos is based.  The existing SAML browser protocols, IMHO, 
>lean more
>towards the invention of new protocols than what I am suggesting.
>Specifically, I am suggesting that we use existing, well known 
>in the smart browser profile.
>-----Original Message-----
>From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
>Sent: Thursday, October 18, 2001 9:41 AM
>To: Flinn, Don; Oasis Sstc (E-mail)
>Subject: RE: [security-services] Smart Browser
>I don't understand the motive for inventing a new authentication
>History has shown that this is something which is fraught with risk. It
>seems to me that we have plenty of good ones already, they are just not
>widely deployed. This one seems particularly puzzling since is has
>essentially the same external characteristics as Kerberos.
>This also seems to violate what I understood to be the intent of the
>requirement we all agreed to last spring.
>"SAML will not propose any new cryptographic technologies or models for
>security; instead, the emphasis is on description and use of well-known
>security technologies utilizing a standard syntax (markup language) in
>context of the Internet."
>> -----Original Message-----
>> From: Flinn, Don [mailto:Don.Flinn@hitachisoftware.com]
>> Sent: Tuesday, October 16, 2001 3:04 PM
>> To: Oasis Sstc (E-mail)
>> Subject: [security-services] Smart Browser
>> I had to drop out of today's focus group for another meeting.  
>> I would like to get a reading from the group on the Smart Browser
>> Profile concept that I put on the mailing list a couple of weeks ago.
>> There has been no discussion on this.  I would like to know 
>> whether this
>> means that there is no interest and the idea should be dropped or
>> whether people thought it worthwhile, in which case I would do
>> additional work on it, or hated the idea.  
>> I have attached the writeup again for easy reference.
>> Don
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC