OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: ISSUE:[UC-5-01:AuthCProtocol] reworked

Straw Man 1 explicitly makes challenge-response 
authentication a non-goal. Is specifying which types
of authc are allowed and what protocols they can
use necessary for this document? If so, what types
and which protocols?

As written, this issue covers a lot of ground. 
Issue:[UC-5-03:AuthCthrough] covers the related issue
of the removal of considerations of modeling authentication 
methods within [OSSML], which need not be discussed further in 5-01.

There is an aspect of these requirements that is missing
from this discussion. There is a need for describing 
different forms of credentials (name-password, public key,
X509 certificates etc) within OSSML. In this sense there is
a connection to the different "permitted forms of authc" [2] 
within OSSML.

I suggest the following sub-parts for voting:

(1) The Non-Goal
"Challenge-response authentication protocols are outside the
scope of the [OSSML]"

be removed from the Strawman 3 document.

(2) The following requirements be added:

[R-StandardCreds] [OSSML] should provide a data format for
credentials including those based on name-password, 
X509v3 certificates, public keys, X509 Distinguished
name, and empty credentials.

[R-ExtensibleCreds] [OSSML] The credentials data format
must support extensibility in a structured fashion.

I believe this is consistent or can be derived
from Nigel's suggestion [1] but is perhaps closer to the current 
style of specification in Strawman 2. 
It also reflects the discussion in [2] and [3].

[1] http://lists.oasis-open.org/archives/security-use/200102/msg00029.html
[2] http://lists.oasis-open.org/archives/security-use/200102/msg00038.html 
[3] http://lists.oasis-open.org/archives/security-use/200102/msg00064.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC