wss message

Subject: RE: [wss] OTP and the "charter" discussion.

From: "Paul Cotton" <Paul.Cotton@microsoft.com>
To: "Granqvist, Hans" <hgranqvist@verisign.com>,"Linn, John" <jlinn@rsasecurity.com>,"Frederick Hirsch" <frederick.hirsch@nokia.com>,"Philpott, Robert" <rphilpott@rsasecurity.com>
Date: Fri, 30 Sep 2005 01:56:50 -0700

So then as I understand it we would do an OPT profile framework that would mandate support for OATH HMAC OTP in order to guarantee we could do interopt testing.  Is that what you are proposing?  

________________________________

From: Granqvist, Hans [mailto:hgranqvist@verisign.com]
Sent: Thu 29/09/2005 16:16
To: Paul Cotton; Linn, John; Frederick Hirsch; Philpott, Robert
Cc: Kelvin Lawrence; wss@lists.oasis-open.org
Subject: RE: [wss] OTP and the "charter" discussion.

> In fact how would you do interop testing if the profile is
> only a framework for proprietary mechanisms?

OATH HMAC OTP [1] is published in IETF.  Do you classify
that as proprietary?

Hans
[1]
http://www.ietf.org/internet-drafts/draft-mraihi-oath-hmac-otp-04.txt

References:
- RE: [wss] OTP and the "charter" discussion.
  - From: "Granqvist, Hans" <hgranqvist@verisign.com>