This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/sfmain/do/go/artf5946 at Sun, 06 Nov 2022 09:05:51 GMT SourceForge : artf5946: a problem with the wording of C0701

Project Home

Tracker

Documents

Tasks

Source Code

Discussions

File Releases

Wiki

Project Admin

Glance

Calendar
Search Tracker
Project: OGSA-WG     Trackers > Attic > View Artifact
Artifact artf5946 : a problem with the wording of C0701
Tracker: Attic
Title: a problem with the wording of C0701
Description:
Section 7: I still have a problem with the wording here. Stating in C0701 that “UsernameToken credentials SHOULD NOT be
 used for message authentication..”, and then having Section 7.2 explain how to indicate they should be used for 
message level client authentication, seems  contradictory. C0701 also says username tokens “are not cryptographically 
verifiable.”. Of course, if one uses password digest (with nonce & timestamp) one can get cryptographically strong verification the sender knew the password and the token wasn’t pasted in from some other message. Was your intent in C0701 to warn people that username tokens should be used with caution since they: 1)  don’t provide a basis for ensuring overall message integrity; 2) the binding between the token and message is weak
? Perhaps just remove C0701 since it’s the only numbered security consideration in the document and the requirements in
 Section 4.2 already ensure it can’t be used unless you’re using secure transport.

by Blair Dillaway
Submitted By: Hiro Kishimoto
Submitted On: 07/08/2007 10:14 AM EDT
Last Modified: 11/12/2007 10:31 PM EST
Closed: 09/01/2007 9:52 PM EDT

Status / Comments Change Log Associations Attachments  
 (5 Items)
Field Old Value New Value Date Performed By
Status
Resolved
Closed
09/01/2007 9:52 PM EDT Hiro Kishimoto
Closed 09/01/2007 09/01/2007 9:52 PM EDT Hiro Kishimoto
Status
Open
Resolved
07/27/2007 11:37 AM EDT Duane Merrill
Category

              
	    
	    
          
SP - Secure Soap
11/12/2007 10:31 PM EST Andreas Savva
Tracker ID
tracker1648
tracker1659
11/12/2007 10:30 PM EST Andreas Savva

 
 


The Open Grid Forum Contact Webmaster | Report a problem | GridForge Help
This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/sfmain/do/go/artf5946 at Sun, 06 Nov 2022 09:05:55 GMT