[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: To C-R Auth or not. Was: Use Case & Requirements Doc Strawman 1Issues List
> ISSUE[UC-5-01:AuthCProtocol] Straw Man 1 explicitly makes > challenge-response authentication a non-goal. Is specifying which > types of authc are allowed and what protocols they can use necessary > for this document? If so, which types and which protocols? Question: Does Shibboleth and the by me suggested SSO push #2 scheme violate this non-goal? I.e. the destination is essentially doing C-R-A on the source as the destination creates time-stamped data or other nonces that is pushed back by the source. If this is a violation I say: Let us go ahead and violate! Anders
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC