Thanks for the supportive suggestion. I
don’t know where the most comprehensive or authoritative description of PassTickets
is, but the information I’ve seen so far appears to describe them as an
OTP method. As such, it’s reasonable to expect (and to validate)
that they can be accommodated within an OTP profile, alongside or as an
alternative to other methods. If the RACF PassTicket activity has also
undertaken work on specifying means for PassTickets to be integrated into WSS,
and can contribute that work, that would be another valuable input to the activity.
If the scope of PassTicket definition concerns the OTP processing, rather
than the WSS integration, a corresponding PassTicket contribution could serve
to inform the design process though might not constitute an input document in
the same sense as the other contemplated contributions.
--jl
From: Anthony Nadalin
[mailto:drsecure@us.ibm.com]
Sent: Tuesday, September 20, 2005
2:06 PM
To: wss@lists.oasis-open.org
Subject: Re: [wss] WSS OTP-Token
subcommittee proposal
An modification:
Proposal
========
xxx, xxx and ... would like to propose a new work
item for the WSS TC, defining a WSS profile for
use of
Limited-Time
Password (LTP) and One-Time Password (OTP) authentication.
The intended
goal is to accommodate a broad range of LTP/OTP
technologies
within the WSS framework. While IPR claims may
apply to
underlying LTP/OTP methods that the profile may support,
the
proposers intend that the constructions to be defined in
the profile
itself be unencumbered.
This profile would be functionally comparable to
other
profiles defined within the WSS TC, so we believe
it is
appropriate to standardize within the same forum.
We
propose that this work item be pursued in the
existing WSS TC.
We anticipate that existing and related work will
be
available as input for this task. The following
will
be initial
input and open to other input as appropriate:
(1) The
One-Time Password Specifications (OTPS, http://www.rsasecurity.com/rsalabs/otps)
(2) Open Authentication initiative (OATH, http://www.openauthentication.org)
(3) RACF
PassTickets (RACF, http://www.ibm.com)
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Granqvist,
Hans" <hgranqvist@verisign.com>
|
"Granqvist,
Hans" <hgranqvist@verisign.com> 08/22/2005 06:53 PM |
|
(This
is a follow up to the issue I brought up August 9
regarding a WSS One-Time Password token profile
sub
committee, see minutes of call under "5.
Other business"
--Hans)
Proposal
========
RSA Security and VeriSign would like to propose a
new work
item for the WSS TC, defining a WSS profile for
use of One-
Time Password (OTP) authentication. The
intended goal is
to accommodate a broad range of OTP technologies
within the
WSS framework. While IPR claims may apply to
underlying OTP
methods that the profile may support, the
proposers intend
that the constructions to be defined in the
profile itself
be unencumbered.
This profile would be functionally comparable to
other
profiles defined within the WSS TC, so we believe
it is
appropriate to standardize within the same forum.
We
propose that this work item be pursued in a new
OTP Token
Profile subcommittee within the WSS TC, as this should
facilitate effective discussion of OTP-related
aspects that
may have limited interest for some TC members.
The profile
specification(s) would be the subcommittee's
deliverable to
the TC. A chair or co-chairs would be selected if
and as the
subcommittee is formed.
We anticipate that existing and related work will
be
available as input for this task. The
One-Time Password
Specifications (OTPS, http://www.rsasecurity.com/rsalabs/otps)
initiative, coordinated by RSA Security, has
produced several
drafts of an OTP-WSS-Token specification which
have evolved
in response to public review and comment.
Following further
refinement within the OTPS process, RSA Security
proposes to
submit a subsequent version of this document as
input to the
WSS TC.
VeriSign, in conjunction with the Open
Authentication
initiative (OATH, http://www.openauthentication.org)
is also
producing work related to an OTP token profile.
We anticipate
that versions of these input documents will be
ready for OASIS
submission by or during October 2005. We propose
that the
results of these efforts, along with any other
inputs which may
be received through the OASIS process, be
harmonized under WSS
TC auspices.
John Linn, RSA Security
Hans Granqvist, VeriSign
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave
the OASIS TC that
generates this mail. You may a link to this
group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php