OASIS Mailing List Archives

security-use message

Subject: To C-R Auth or not. Was: Use Case & Requirements Doc Strawman 1 Issues List

> ISSUE[UC-5-01:AuthCProtocol] Straw Man 1 explicitly makes
> challenge-response authentication a non-goal. Is specifying which
> types of authc are allowed and what protocols they can use necessary
> for this document? If so, which types and which protocols?

Question: Do Shibboleth and the SSO push #2 scheme that I suggested
violate this non-goal? I.e. the destination is essentially doing C-R-A on the
source, as the destination creates time-stamped data or other nonces that are
pushed back by the source. If this is a violation I say: Let us go ahead and violate!

