security-use message

Subject: RE: Use Cases & Requirements, Straw Man 1

This requirement has ended up somewhat out of
context in the current document. Originally,
it referred to the Authentication Service
within S2ML.

The Auth Service in S2ML was restricted to validating
login-password, certificates and public keys. 
Challenge-response Auth protocols were excluded.

One question for the agenda tomorrow would be to
characterize the security services described
in the specification.


I don't know the agenda of the concall tomorrow, but perhaps we could
discuss it.

I would like to know:

1) Precisely what is meant by "Challenge-response authentication
CHAP? MS C/R? a credentials negotiation scheme like Shibboleth?

2) If we are simply exchanging assertions about authentications which
already occurred and we trust the source of the assertion, why do we care
the authentication was done, except to record the method as a part of

3) What is the rationale for excluding these protocols in particular?

I also agree with Nigel's suggestion that a list of what is supported
be preferable to the current statement.

