Subject: RE: Comments on Straw Man Draft 2: Authentication Protocol non-goals
We will add an area in the Security Services group of the issue list to ask this question specifically - are we specifying an authN service as part of our work?

> -----Original Message-----
> From: Irving Reid [mailto:Irving.Reid@baltimore.com]
> Sent: Monday, February 19, 2001 2:43 PM
> To: 'security-use@lists.oasis-open.org'
> Subject: Comments on Straw Man Draft 2: Authentication Protocol non-goals
>
> I'll split my comments into a series of messages, one for each issue...
>
> In the Requirements / Non-Goals section, the non-goal "Challenge-response authentication protocols are outside the scope of OSSML." is included. This non-goal originally came from the S2ML spec.
>
> S2ML included a very basic authentication service, where users (or servers, on behalf of users) could present credentials to the S2ML service and receive a name assertion in return. The two forms of credential supported were username/password, or X509 certificate.
>
> Speaking for Baltimore, we feel that providing such a limited authentication service would not be useful. This leaves two alternatives:
>
> 1. Do not specify an authentication service within [OSSML]
> 2. Specify a more general authn service.
>
> The first alternative reduces the size of the [OSSML] effort, but it might leave us without enough meat to be useful. What we end up with is that name assertions appear as if by magic through some out-of-band mechanism, and then the [OSSML] service allows you to pass them around and possibly obtain further related assertions.
>
> The second alternative provides a more complete spec, but opens the usual large can of worms. Without proposing a specific solution, we need to keep in mind that many people have defined authentication services in the past, and we'd be much better off to choose one and dress it up in XML rather than to start over from scratch. SASL, RADIUS/DIAMETER, etc. could be reasonable starting places.
>
> Irving Reid <irving.reid@baltimore.com>
> Principal Technical Architect, SelectAccess
> Baltimore Technologies