Subject: RE: Use Cases & Requirements, Straw Man 1
This requirement has ended up somewhat out of context in the current document. Originally, it referred to the Authentication Service within S2ML. The Auth Service in S2ML was restricted to validating login-password, certificates and public keys. Challenge-response Auth protocols were excluded.

One question for the agenda tomorrow would be to characterize the security services described in the specification.

>>>>>>>>>>>

I don't know the agenda of the concall tomorrow, but perhaps we could discuss it. I would like to know:

1) Precisely what is meant by "Challenge-response authentication protocols"? CHAP? MS C/R? a credentials negotiation scheme like Shibboleth?

2) If we are simply exchanging assertions about authentications which have already occurred and we trust the source of the assertion, why do we care how the authentication was done, except to record the method as a part of the assertion?

3) What is the rationale for excluding these protocols in particular?

I also agree with Nigel's suggestion that a list of what is supported would be preferable to the current statement.

Hal