OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Revised WSS OTP-Token proposal

So is output to be 1 profile or 2 ? any chance to come to agreement on single profile before hand ?

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for "Granqvist, Hans" <hgranqvist@verisign.com>"Granqvist, Hans" <hgranqvist@verisign.com>


          "Granqvist, Hans" <hgranqvist@verisign.com>

          09/30/2005 11:45 AM

To

Anthony Nadalin/Austin/IBM@IBMUS

cc

"Linn, John" <jlinn@rsasecurity.com>, Kelvin Lawrence/Austin/IBM@IBMUS, <wss@lists.oasis-open.org>

Subject

RE: [wss] Revised WSS OTP-Token proposal

Yes, these are the two ones we know about so far. Hans

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Friday, September 30, 2005 8:53 AM
To: Granqvist, Hans
Cc: Linn, John; Kelvin Lawrence; wss@lists.oasis-open.org
Subject: RE: [wss] Revised WSS OTP-Token proposal

OK so there will be one proposal from Verisign and one proposal from RSA as input documents, right ?

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for "Granqvist, Hans" <hgranqvist@verisign.com>"Granqvist, Hans" <hgranqvist@verisign.com>
                  "Granqvist, Hans" <hgranqvist@verisign.com>

                  09/30/2005 10:36 AM
To

Anthony Nadalin/Austin/IBM@IBMUS, Kelvin Lawrence/Austin/IBM@IBMUS
cc

"Linn, John" <jlinn@rsasecurity.com>, <wss@lists.oasis-open.org>
Subject

RE: [wss] Revised WSS OTP-Token proposal

Hi Tony.

Here is VeriSign's statement on this issue

"VeriSign will contribute a draft version of the OTP token
profile that was developed by VeriSign.  VeriSign agrees that
this contribution will be compliant to the terms and conditions
that are specified under OASIS.IPR.3.1 of the 'Legacy OASIS
Intellectual Property Rights (IPR) Policy'.

Additionally, VeriSign is not aware of any patents or applications
that may be relevant to the proposed contribution."

Thanks,
Hans


________________________________

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Wednesday, September 28, 2005 1:05 PM
To: Kelvin Lawrence
Cc: Linn, John; wss@lists.oasis-open.org
Subject: Re: [wss] Revised WSS OTP-Token proposal



Its still confusing as its states that "RSA Security proposes to
submit a version of this document as
"input to the WSS TC" yet as discussed it was indicated that
this effort is not about a single technology, so I would assume that the
document would be not input but referenced, much like PKI, Kerberos etc.
Also if RSA plans to really submit the document as input what would be
the IPR terms ? Same goes to Verisign ?


Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Kelvin Lawrence/Austin/IBM@IBMUSKelvin
Lawrence/Austin/IBM@IBMUS




Kelvin Lawrence/Austin/IBM@IBMUS


09/27/2005 05:39 PM



To

"Linn, John" <jlinn@rsasecurity.com>


cc

wss@lists.oasis-open.org


Subject

Re: [wss] Revised WSS OTP-Token proposal
 


John and Hans, thank you for taking the time to update and
re-post your proposal.

TC Members, Now that we have a modified proposal in front of us
what do people think?

I would very much like to see some discussion here so that we
can be effective on the call on Tuesday.

Thanks to those of you that have already posted your views

Cheers
Kelvin



"Linn, John" <jlinn@rsasecurity.com> wrote on 09/27/2005
10:48:05 AM:

> Following last week's discussion, we'd like to offer the
following
> revised version of the OTP-Token proposal for consideration by
the TC:
>
> RSA Security and VeriSign would like to propose a new work
item for the
> WSS TC, defining a WSS profile for use of One-Time Password
(OTP)
> authentication.  The intended goal is to accommodate a broad
range of
> OTP technologies within the WSS framework.  While conceptually
similar
> to the existing UsernameToken profile, this profile would
support
> transport of OTP-related ancillary information (e.g., PINs,
challenges,
> counters, device and algorithm identifiers) in conjunction
with
> authentication requests in order to provide comprehensive
support for
> OTP methods within the WSS/SOAP environment.
>
> We anticipate that the profile will accommodate OTP methods
including
> (but not limited to) OATH HOTP, RACF PassTickets, RSA
SecurID(r)
> authenticator token devices, and other candidates that may be
identified
> within the TC. While IPR claims may apply to underlying OTP
methods that
> the profile may support, the proposers intend that the
constructions to
> be defined in the profile itself be unencumbered.
>
> This profile would be functionally comparable to other
profiles defined
> within the WSS TC, so we believe it is appropriate to
standardize within
> the same forum.  We propose that this activity be undertaken
as a
> general TC work item, comparable to other profiles addressed
by the TC,
> rather than within a distinct subcommittee. It is not the
proposers'
> intent that this work item be incorporated into WSS 1.1, or
that it
> delay TC progress on that release.  
>
> We anticipate that existing and related work will be available
as input
> for this task.  The One-Time Password Specifications (OTPS,
> http://www.rsasecurity.com/rsalabs/otps)
> initiative, coordinated by RSA Security, has produced an
OTP-WSS-Token
> specification which has evolved in response to public review
and
> comment. RSA Security proposes to submit a version of this
document as
> input to the WSS TC.  
>
> VeriSign, in conjunction with the Open Authentication
initiative (OATH,
> http://www.openauthentication.org) is also producing work
related to an
> OTP token profile.  We anticipate that versions of these input
documents
> will be ready for OASIS submission by or during October 2005.
We propose
> that the results of these efforts, along with any other inputs
which may
> be received through the OASIS process, be harmonized under WSS
TC
> auspices.
>  
>
> John Linn, RSA Security
> Hans Granqvist, VeriSign
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS
TC that
> generates this mail.  You may a link to this group and all
your TCs in OASIS
> at:
>
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
>



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 


GIF image

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]