[dix] Authentication out of scope

On 13-Jan-06, at 1:56 PM, Hallam-Baker, Phillip wrote:


In the charter we've clearly stated that authentication
mechanisms are out of scope. The agent can authenticate the
user in any way it chooses, and the relying party can choose
whether to accept that authentication or not. DIX just moves
the authentication assertion.

Where I think the system falls down today is the integration of the
various pieces. We have all the parts we need but none of them quite fit
together.


So I don't think you actually need to build any of the components you
describe, but you do need to get them to work together.

I would however insist on a distinction between considering an
authentication mechanism and considering authentication. The group is
going to need to specify how to use at least one authentication
mechanism in the context of the chosen identifier.

What I would like to get to though is a framework that allows me to drop
in a new authentication mechanism without disturbing any party in the
ecology other than the user and their registry.

Agreed.

I don't think that you need to specify any authentication mechanism if you say it is out of band from moving "identity".

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.