security-use message

Subject: Re: ISSUE[UC-5-01:AuthCProtocol]


> 2) Anders seems to want to persist in using "challenge response" for what I
> refer to as "credentials negotiation". I believe most people have in mind
> something like the Microsoft challenge response protocol. Since the term
> challenge response is firmly embedded in the literature to refer to the
> latter, I suggest to Anders that he adopt credentials negotiation or some
> other descriptive term.

It may be a little bit more complicated than it looks.  There is indeed something that
could be referred to as "credentials negotiation" (I don't particularly like this term though).
But using SSO Push model #2 and [maybe] Shibboleth, the RP sends something
containing nonces or time-stamps to the AP which signs this data (and a lot
of other stuff) and sends it back to the RP for use after verification.  The
nonces/time-stamps are the "Challenge", the signed ticket/credential the "Response".

As I understand it, C-R Auth is intended to suppress stale credential data, which is what
this actually does.  If you have another definition, I'm interested to hear more about it.
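
The exchange described in the message above, as an added example that is not part of the original post or of any OASIS specification: the RP issues a nonce and time-stamp, the AP signs them together with its assertion, and the RP accepts the ticket only once and only while fresh. HMAC with a shared key stands in for the AP's signature, and the names `RelyingParty`, `ap_respond`, `AP_KEY` and the 300-second window are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key shared by AP and RP. HMAC is a stand-in for the AP's
# signature; the message does not say which signature scheme is used.
AP_KEY = b"constructed-demo-key"
MAX_AGE = 300  # seconds a challenge stays valid (assumed value)


class RelyingParty:
    def __init__(self):
        self.pending = {}  # nonce -> issue time, for challenges not yet answered

    def challenge(self, now=None):
        """Issue the "Challenge": a fresh nonce plus a time-stamp."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = now
        return {"nonce": nonce, "ts": now}

    def verify(self, ticket, now=None):
        """Check the "Response": signature, known unused nonce, freshness."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(_mac(ticket["body"]), ticket["sig"]):
            return "bad-signature"
        body = json.loads(ticket["body"])
        issued = self.pending.pop(body["nonce"], None)  # each nonce is single use
        if issued is None:
            return "unknown-or-replayed-nonce"
        if now - issued > MAX_AGE:
            return "stale"
        return "ok"


def _mac(body):
    """Keyed digest over the serialized ticket body."""
    return hmac.new(AP_KEY, body.encode(), hashlib.sha256).hexdigest()


def ap_respond(challenge, subject):
    """AP binds its assertion about `subject` to the RP's challenge and signs it."""
    body = json.dumps({"nonce": challenge["nonce"], "ts": challenge["ts"],
                       "subject": subject}, sort_keys=True)
    return {"body": body, "sig": _mac(body)}
```

A ticket presented a second time, or after the window has passed, is rejected even though its signature is valid, which is the stale-credential suppression the message refers to.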

