
security-services message



Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploaded


The adjustments to the specification have addressed my concern.  I agree
with this discussion.

Thanks,
Mike

-----Original Message-----
From: Linn, John [mailto:jlinn@rsasecurity.com]
Sent: Wednesday, October 29, 2003 8:42 AM
To: 'Scott Cantor'; Beach, Michael C; security-services@lists.oasis-open.org
Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploaded


I'm not sure that principal-level confirmation can be obtained within the
federation protocol per se; the principal isn't a direct peer in that
protocol and is trusting the authentication authority to act on its behalf.
As Scott suggested earlier in this thread, this may appropriately be a
guidance matter for authentication authorities, rather than something that
falls within the scope of a protocol spec.

--jl

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Wednesday, October 29, 2003 11:32 AM
To: Linn, John; 'Beach, Michael C'; security-services@lists.oasis-open.org
Subject: RE: [security-services] Groups - draft-sstc-nameid-05.pdf uploaded


> I didn't think to look back at earlier drafts before posting 
> my message earlier today, but did so subsequently.  -02, 
> e.g., makes the statement "Means shall be specified enabling 
> the authentication authority to obtain explicit confirmation 
> by the principal before a federation is established." The 
> intent was that a means to obtain consent must be available, 
> not to mandate that the authentication authority (acting 
> according to its policy) must invoke that means on every 
> federation instance. 

Subtle, but true. Question...does ID-FF in your mind address that
requirement? I'm not sure I'd claim that it has actually specified such a
means.

-- Scott
