OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploade d

I'm not sure that principal-level confirmation can be obtained within the
federation protocol per se; the principal isn't a direct peer in that
protocol and is trusting the authentication authority to act on its behalf.
As Scott suggested earlier in this thread, this may appropriately be a
guidance matter for authentication authorities, rather than something that
falls within the scope of a protocol spec. 


-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Wednesday, October 29, 2003 11:32 AM
To: Linn, John; 'Beach, Michael C';
Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf
uploade d

> I didn't think to look back at earlier drafts before posting 
> my message earlier today, but did so subsequently.  -02, 
> e.g., makes the statement "Means shall be specified enabling 
> the authentication authority to obtain explicit confirmation 
> by the principal before a federation is established." The 
> intent was that a means to obtain consent must be available, 
> not to mandate that the authentication authority (acting 
> according to its policy) must invoke that means on every 
> federation instance. 

Subtle, but true. Question...does ID-FF in your mind address that
requirement? I'm not sure I'd claim that it has actually specified such a

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]