- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 8 Aug 2006 10:19:48 -0400
- To: ext Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Thomas Roessler <tlr@w3.org>, public-usable-authentication@w3.org
Note that the authentication context structure, defined by Liberty Alliance [1] and subsequently updated and incorporated in the OASIS SAML 2.0 standard [2] provides a means for expressing some of the information Mez identified. regards, Frederick Frederick Hirsch Nokia [1] <https://www.projectliberty.org/resources/specifications.php#box4> [2] <http://docs.oasis-open.org/security/saml/v2.0/saml-authn- context-2.0-os.pdf> On Aug 7, 2006, at 5:41 PM, ext Mary Ellen Zurko wrote: > > On Web Security Context Baseline, > > I'm a bit worried about: > "a minimal set of security context information " > > It seems to imply a single small set of items will be required of > any user agent. I don't think it will work out that way, though I > do think the alternatives will collapse to a small conceptual set, > and that their presence or lack will be important to users. Things > like user/web agent history, and strength and meaningfulness of > identification/authentication. > > A first public working draft implies to me that that version at > least will target well known web agents (browsers as opposed to > rich client) and core protocols (HTTPS as opposed to Web Services). > Are these in fact very aggressive deadlines for a predominantly > tactical WG? > > Mez > > > > public-usable-authentication-request@w3.org wrote on 08/07/2006 > 12:39:11 PM: > > > > > Hello, > > > > I've taken another stab at the scope and deliverable sections > > of the charter drafts, and added tentative time lines to these. > > > > http://www.w3.org/2005/Security/wsc-charter > > http://www.w3.org/2005/Security/htmlauth-charter > > > > For the security context information baseline group, I've tried > > to introduce a clearer partition between the question what to > > display (and how to do it nicely), and techniques to make that > > kind of display more robust against spoofing. (Thanks to Jeff > > Nelson (Google) for his suggestions.) > > > > The form annotations project has seen some general clean-up. > > > > The time line (identical for both groups at this point) is > > essentially the usual 3-month heartbeat requirement for public > > working drafts, with two public WDs before last call. A call > > for participation is assumed to go out in October, and an > > initial face-to-face meeting (for both groups; hopefully, we > > can find a way to co-locate these) is assumed for the week of > > 13 November. > > > > > > Caveat emptor: Please note that, at this > > point, these dates are working hypotheses! > > > > > > Comments would, as always, be useful, > > -- > > Thomas Roessler, W3C <tlr@w3.org> > >
Received on Tuesday, 8 August 2006 14:20:53 UTC