OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Groups - OTP Token Consolidated Input Submission (wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded

It’s also possible to demonstrate interoperability on a pairwise basis, using any underlying method for which claimant and verifier sides share common support. I don’t think it’s necessary for any one method to be supported universally.  Note also: it’s possible that a WSS endpoint receiving a WSS/OTP request can and will itself be largely method-independent; rather than validating the OTP value itself, it may instead dispatch it to a separate authentication server where users’ OTP credentials would be stored and any method-specific validation would be performed.

 

--jl

 

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Sunday, March 26, 2006 10:50 PM
To: Linn, John
Cc: wss@lists.oasis-open.org
Subject: RE: [wss] Groups - OTP Token Consolidated Input Submission (wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded

 

I would think that there should be some OTP algorithm (and identifiers) that could be agreed upon so that there could be some level of interop

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for "Linn, John" <jlinn@rsasecurity.com>"Linn, John" <jlinn@rsasecurity.com>

"Linn, John" <jlinn@rsasecurity.com>

03/24/2006 11:48 AM

To


Anthony Nadalin/Austin/IBM@IBMUS, <wss@lists.oasis-open.org>

cc

Subject


RE: [wss] Groups - OTP Token Consolidated Input Submission (wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded

 


Lines 137-138 were intended as informative clarification only. They can be deleted without impacting the surrounding content.

Additionally, in recognition of the fact that there is no intent for the document to mandate or constrain the use of particular OTP algorithms, I propose that the current lines 169-178 be replaced with the following text: “This specification does not define identifiers for specific underlying OTP algorithms with which it may be used. Values for such identifiers are defined separately, in conjunction with independent OTP algorithm specifications.”

Given the above changes, it should also be possible to remove corresponding trademark references within the Notices section.

Would these proposals suffice to allay concern about occurrences of trademarks within the document?

--jl

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Tuesday, March 21, 2006 9:19 AM
To: wss@lists.oasis-open.org
Subject: Re: [wss] Groups - OTP Token Consolidated Input Submission (wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded

Line 133-138 reference a registered trade mark, seems that there are implications of this in a specification, I'm not sure of the reason why it is referenced.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]