Re: [wss] WSS OTP-Token subcommittee proposal

[Anthony Nadalin <drsecure@us.ibm.com>]

An modification:

Proposal
========
xxx, xxx and ... would like to propose a new work
item for the WSS TC, defining a WSS profile for use of
Limited-Time Password (LTP) and One-Time Password (OTP) authentication.
The intended goal is to accommodate a broad range of LTP/OTP
technologies within the WSS framework.  While IPR claims may
apply to underlying LTP/OTP methods that the profile may support,
the proposers intend that the constructions to be defined in
the profile itself be unencumbered.

This profile would be functionally comparable to other
profiles defined within the WSS TC, so we believe it is
appropriate to standardize within the same forum.   We
propose that this work item be pursued in the existing WSS TC.

We anticipate that existing and related work will be
available as input for this task. The following will
be initial input and open to other input as appropriate:

(1) The One-Time Password Specifications (OTPS, http://www.rsasecurity.com/rsalabs/otps)
(2) Open Authentication initiative (OATH, http://www.openauthentication.org)
(3) RACF PassTickets (RACF, http://www.ibm.com)


Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Granqvist, Hans" <hgranqvist@verisign.com>

"Granqvist, Hans" <hgranqvist@verisign.com>

08/22/2005 06:53 PM

To	<wss@lists.oasis-open.org>, "Linn, John" <jlinn@rsasecurity.com>
cc
Subject	[wss] WSS OTP-Token subcommittee proposal

(This is a follow up to the issue I brought up August 9
regarding a WSS One-Time Password token profile sub
committee, see minutes of call under "5. Other business"  
--Hans)


Proposal
========
RSA Security and VeriSign would like to propose a new work
item for the WSS TC, defining a WSS profile for use of One-
Time Password (OTP) authentication.  The intended goal is
to accommodate a broad range of OTP technologies within the
WSS framework.  While IPR claims may apply to underlying OTP
methods that the profile may support, the proposers intend
that the constructions to be defined in the profile itself
be unencumbered.

This profile would be functionally comparable to other
profiles defined within the WSS TC, so we believe it is
appropriate to standardize within the same forum.   We
propose that this work item be pursued in a new OTP Token
Profile subcommittee within the WSS TC, as this should
facilitate effective discussion of OTP-related aspects that
may have limited interest for some TC members.  The profile
specification(s) would be the subcommittee's deliverable to
the TC. A chair or co-chairs would be selected if and as the
subcommittee is formed.

We anticipate that existing and related work will be
available as input for this task.  The One-Time Password
Specifications (OTPS, http://www.rsasecurity.com/rsalabs/otps)
initiative, coordinated by RSA Security, has produced several
drafts of an OTP-WSS-Token specification which have evolved
in response to public review and comment.  Following further
refinement within the OTPS process, RSA Security proposes to
submit a subsequent version of this document as input to the
WSS TC.  

VeriSign, in conjunction with the Open Authentication
initiative (OATH, http://www.openauthentication.org) is also
producing work related to an OTP token profile.  We anticipate
that versions of these input documents will be ready for OASIS
submission by or during October 2005. We propose that the
results of these efforts, along with any other inputs which may
be received through the OASIS process, be harmonized under WSS
TC auspices.


John Linn, RSA Security
Hans Granqvist, VeriSign

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php