OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Use Cases & Requirements, Straw Man 1

> -----Original Message-----
> From: Edwards, Nigel [mailto:Nigel_Edwards@hp.com]
> Sent: Monday, January 29, 2001 11:27 AM
> To: UseCaseList
> Subject: RE: Use Cases & Requirements, Straw Man 1


> One of the non-goals is listed as: "Challenge-response authentication
> protocols are outside the scope of [OSSML]." Therefore are all other 
> possible classes of authentication protocols in? If we want to
> restrict the authentication protocols allowed, then I think it would
> be better to list the ones in-scope explicitly.

I also am puzzled by this item.

I don't know the agenda of the concall tomorrow, but perhaps we could
discuss it.

I would like to know:

1) Precisely what is meant by "Challenge-response authentication protocols"?
CHAP? MS C/R? a credentials negotiation scheme like Shibboleth?

2) If we are simply exchanging assertions about authentications which have
already occured and we trust the source of the assertion, why do we care how
the authentication was done, except to record the method as a part of the

3) What is the rationale for excluding these protocols in particular?

I also agree with Nigel's suggestion that a list of what is supported would
be preferable to the current statement.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC