I guess it's open to debate, but Jamcracker plans on voting against any
addition of challenge/response of credentials.
Anders, you have to weigh the utility of pushing through an agenda that has
significant probability of a lack of success. I have the same dilemma on
trying to remove authorization challenge/response but decided to fold the
hand given the other members stated public intentions and lack of any other
member stepping forward.
Committees work best when we try to focus on what is achievable given the
other members stated and often unstated positions.
I think it's Kenny Rogers who sings "You gotta know when to hold 'em, know
when to fold 'em, know when to run".
Jamcracker Inc., 14000 Homestead Dr., Sunnyvale, CA 94086
p: 408.864.5118 f: 408.725.4310
Named to Red Herring's list of 100 Most Important Companies:
From: Anders Rundgren [mailto:ande...@telia.com]
Sent: Thursday, January 11, 2001 4:27 AM
To: Ahmed, Zahid; secu...@lists.oasis-open.org
Subject: Re: Challenge-Response/OBI & S2ML (Anders Rundgren's
I have reviewed all of your e-mails expressing concerns
about not including Challenge-Response.
Overall, I agree with Phil's previous response:
That is not such a surprise as you are one of the S2ML authors :-)
You did however not respond to my request: Is this open for
debate or is the
Regarding the technical part of this, I suspect that we (all)
may not even refer to the same
thing and the likely scenarious which makes it very hard for
anyone to have an opinion above
the level "we must have this" or "this is out of scope". It
*is* fairly complicated. It would be
interesting to know why MACE-Shibbeloth uses (sort of) C-A
Auth if it is "redundant" (Bob, are there?)
If any *real* progress is to be made, a sub-commitee or
ad-hoc group should be formed.