[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Authentication Methods - Proposed changes tocore-29
I take
exception to a few things that differ from what I explicitly changed from
core-29.
There are no places where Base64 encoding should be
specified. (See below) Therefore this sentence should not go here. If there
are other Base64 encoded items earlier in the document, perhaps a similiar
reference to [RFC 2045] should be included at the appropriate
place.
First, I assume this is supposed to be 7.1.1 etc.
I explictily specified leaving out the "(Pass-Through)" In
what sense is this a pass-through? The System Entity sent a password to the
Authentication Authority. The AA confirmed that the password was correct. The AA
later issed an assertion with an Authentication Statement in it. The AA did not
pass-through the password to anybody. Please drop "(Pass-Through):" from the
title as I specified previously.
No, no, no. There is no such thing
as Subject Confirmation Data. What we are defining here is Authentication
Method. It goes in the AuthenticationMethod attribute of the Authentication
Statement. Look at the schema. (lines 667 &
1814 in core-29) There is no <SubjectConfirmationData>. There is no
Authentication Data. There is no data of any kind, just the Method identifier.
That is the point of this entire
revision.
Should be a space between
"The" and "authentication". (I'm surprised your picky grammer checker didn't
catch that one. ;-)
I have no objection to adding this
identifier. However I was under the impression that XKMS was doing X509 or PGP
or SPKI. Does it use a distinct trust model?
Regards,
Hal
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC