OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: WSS OTP-Token subcommittee proposal

(This is a follow up to the issue I brought up August 9 
regarding a WSS One-Time Password token profile sub 
committee, see minutes of call under "5. Other business"   
--Hans)


Proposal
========
RSA Security and VeriSign would like to propose a new work 
item for the WSS TC, defining a WSS profile for use of One-
Time Password (OTP) authentication.  The intended goal is 
to accommodate a broad range of OTP technologies within the 
WSS framework.  While IPR claims may apply to underlying OTP 
methods that the profile may support, the proposers intend 
that the constructions to be defined in the profile itself 
be unencumbered. 

This profile would be functionally comparable to other 
profiles defined within the WSS TC, so we believe it is 
appropriate to standardize within the same forum.   We 
propose that this work item be pursued in a new OTP Token 
Profile subcommittee within the WSS TC, as this should 
facilitate effective discussion of OTP-related aspects that 
may have limited interest for some TC members.  The profile 
specification(s) would be the subcommittee's deliverable to 
the TC. A chair or co-chairs would be selected if and as the 
subcommittee is formed. 

We anticipate that existing and related work will be 
available as input for this task.  The One-Time Password 
Specifications (OTPS, http://www.rsasecurity.com/rsalabs/otps) 
initiative, coordinated by RSA Security, has produced several 
drafts of an OTP-WSS-Token specification which have evolved 
in response to public review and comment.  Following further 
refinement within the OTPS process, RSA Security proposes to 
submit a subsequent version of this document as input to the 
WSS TC.  

VeriSign, in conjunction with the Open Authentication 
initiative (OATH, http://www.openauthentication.org) is also 
producing work related to an OTP token profile.  We anticipate 
that versions of these input documents will be ready for OASIS 
submission by or during October 2005. We propose that the 
results of these efforts, along with any other inputs which may 
be received through the OASIS process, be harmonized under WSS 
TC auspices.
 

John Linn, RSA Security
Hans Granqvist, VeriSign

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]