30 messages in org.oasis-open.lists.xacmlRe: XACML TC Charter Revision - Strawman| From | Sent On | Attachments |
|---|---|---|
| Damodaran, Suresh | Jun 6, 2001 4:46 pm | |
| Hal Lockhart | Jun 7, 2001 11:13 am | |
| Damodaran, Suresh | Jun 7, 2001 12:20 pm | |
| Hal Lockhart | Jun 7, 2001 2:36 pm | |
| Pilz, Gilbert | Jun 7, 2001 2:44 pm | |
| bill parducci | Jun 7, 2001 2:54 pm | |
| Damodaran, Suresh | Jun 7, 2001 4:34 pm | |
| Pilz, Gilbert | Jun 7, 2001 6:25 pm | |
| Hal Lockhart | Jun 8, 2001 7:12 am | |
| Hal Lockhart | Jun 8, 2001 7:31 am | |
| bill parducci | Jun 8, 2001 9:20 am | |
| Hal Lockhart | Jun 8, 2001 11:17 am | |
| bill parducci | Jun 8, 2001 11:33 am | |
| Hal Lockhart | Jun 8, 2001 11:57 am | |
| bill parducci | Jun 8, 2001 1:22 pm | |
| Hal Lockhart | Jun 8, 2001 2:08 pm | |
| bill parducci | Jun 8, 2001 2:31 pm | |
| Simon Y. Blackwell | Jun 8, 2001 8:18 pm | |
| Simon Y. Blackwell | Jun 8, 2001 8:49 pm | |
| Simon Y. Blackwell | Jun 8, 2001 9:04 pm | |
| Simon Y. Blackwell | Jun 8, 2001 9:19 pm | |
| Michiharu Kudoh | Jun 10, 2001 9:27 am | |
| Hal Lockhart | Jun 11, 2001 9:44 am | |
| Ken Yagen | Jun 11, 2001 11:36 am | |
| Hal Lockhart | Jun 11, 2001 12:58 pm | |
| bill parducci | Jun 11, 2001 1:11 pm | |
| Simon Y. Blackwell | Jun 11, 2001 1:26 pm | |
| Carlisle Adams | Jun 11, 2001 2:06 pm | |
| Simon Y. Blackwell | Jun 11, 2001 2:49 pm | |
| Carlisle Adams | Jun 13, 2001 2:46 pm |
| Subject: | Re: XACML TC Charter Revision - Strawman | |
|---|---|---|
| From: | bill parducci (bi...@parducci.net) | |
| Date: | Jun 8, 2001 1:22:47 pm | |
| List: | org.oasis-open.lists.xacml | |
what i am saying is that you cannot GUARANTEE this is the case. if i remember correctly, just a few months ago verisign issued a cert for one of microsoft's sites to an unauthorized entity -- things like that kinda hinder utter faith in the authentication layer alone, don't you think? add that to the unavoidable latitude for specific vendors and users during implementation of whatever spec comes out of this group and you have the *possibility* of compromise.
if you can make the case that it is impossible for this to happen (which, from an academic perspective, is not possible because one cannot prove 'non existence'), then the the balance between effort of implementation of discrete responses vs. the likelihood of compromise is an easy one. otherwise, i suggest that we at least perform due diligence in determining what the ramifications of discrete response codes are.
i have no interest in one direction or the other, i just want to make sure that the issue is raised.
b
Hal Lockhart wrote:
Excuse me. Are you saying that no means exists whereby a PEP and PDP could mutually authenticate and exchange integrity and confidentiality protected data over an insecure network?
Hal