[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: WSS OTP-Token subcommittee proposal
(This is a follow up to the issue I brought up August 9 regarding a WSS One-Time Password token profile sub committee, see minutes of call under "5. Other business" --Hans) Proposal ======== RSA Security and VeriSign would like to propose a new work item for the WSS TC, defining a WSS profile for use of One- Time Password (OTP) authentication. The intended goal is to accommodate a broad range of OTP technologies within the WSS framework. While IPR claims may apply to underlying OTP methods that the profile may support, the proposers intend that the constructions to be defined in the profile itself be unencumbered. This profile would be functionally comparable to other profiles defined within the WSS TC, so we believe it is appropriate to standardize within the same forum. We propose that this work item be pursued in a new OTP Token Profile subcommittee within the WSS TC, as this should facilitate effective discussion of OTP-related aspects that may have limited interest for some TC members. The profile specification(s) would be the subcommittee's deliverable to the TC. A chair or co-chairs would be selected if and as the subcommittee is formed. We anticipate that existing and related work will be available as input for this task. The One-Time Password Specifications (OTPS, http://www.rsasecurity.com/rsalabs/otps) initiative, coordinated by RSA Security, has produced several drafts of an OTP-WSS-Token specification which have evolved in response to public review and comment. Following further refinement within the OTPS process, RSA Security proposes to submit a subsequent version of this document as input to the WSS TC. VeriSign, in conjunction with the Open Authentication initiative (OATH, http://www.openauthentication.org) is also producing work related to an OTP token profile. We anticipate that versions of these input documents will be ready for OASIS submission by or during October 2005. We propose that the results of these efforts, along with any other inputs which may be received through the OASIS process, be harmonized under WSS TC auspices. John Linn, RSA Security Hans Granqvist, VeriSign
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]