Re: [dix] Re: [Ietf-http-auth] More requirements

To: Jeff Hodges <Jeff.Hodges at neustar.biz>
Subject: Re: [dix] Re: [Ietf-http-auth] More requirements
From: "RL 'Bob' Morgan" <rlmorgan at washington.edu>
Date: Fri, 14 Jul 2006 09:51:11 -0400 (EDT)
Cc: Digital Identity Exchange <dix at ietf.org>, IETF HTTP Auth <ietf-http-auth at lists.osafoundation.org>
In-reply-to: <44B79C5B.8070103@neustar.biz>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <1b587cab0607131743g36c96314ta9b3a0a90aa871e0@mail.google.com> <86wtag5r75.fsf@delta.rtfm.com> <Pine.LNX.4.64.0607140835550.31752@perf.cac.washington.edu> <44B79C5B.8070103@neustar.biz>
Reply-to: Digital Identity Exchange <dix at ietf.org>

Indeed, many of these are distinct "security properties". Note in the intro to his note, ekr termed the content of his note as:

"a taxonomy of requirements/features and technical options"

Right, a problem we often have with stating requirements is differentiating between "X is required to be possible/negotiable" and "X is required to always be done"; where the first of these produces derivative requirements about the nature of the negotiation of and/or policy around the feature.

 - RL "Bob"

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

References:
- [dix] More requirements
  - From: Ben Laurie
- [dix] Re: [Ietf-http-auth] More requirements
  - From: EKR
- Re: [dix] Re: [Ietf-http-auth] More requirements
  - From: RL 'Bob' Morgan
- Re: [dix] Re: [Ietf-http-auth] More requirements
  - From: Jeff Hodges

Prev by Date: Re: [dix] Extant Applicable Security Glossaries
Next by Date: Re: [dix] More requirements
Previous by thread: Re: [dix] Re: [Ietf-http-auth] More requirements
Next by thread: [dix] Re: [Ietf-http-auth] More requirements
Index(es):
- Date
- Thread

Re: [dix] Re: [Ietf-http-auth] More requirements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.