[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PaceSecurityServices & Digest auth

To: "Ezra Cooper" <ezra@xxxxxxxxxxxx>
Subject: Re: PaceSecurityServices & Digest auth
From: Asbjørn Ulsberg <asbjorn@xxxxxxxxxxxxxx>
Date: Thu, 01 Jul 2004 21:43:12 +0200
Cc: Atom-Syntax <atom-syntax@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/atom-syntax/mail-archive/>
List-id: <atom-syntax.imc.org>
List-unsubscribe: <mailto:atom-syntax-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-atom-syntax@xxxxxxxxxxxx
User-agent: Opera M2/7.51 (Win32, build 3798)

On Wed, 30 Jun 2004 18:44:40 -0700, Ezra Cooper <ezra@xxxxxxxxxxxx> wrote:

I'd like to express support for specifying some authentication method(s) for use with Atom

As a matter of fact, I think Atom not only should, but must provide some sort of security guidelines, including authentication (but maybe stuff including encryption of sensitive information etc as well). Why? As RFC 3470 says:

  Given the lack of security services in XML, it is imperative that
  protocol specifications mandate additional security services to
  counter common threats and attacks; the specific required services
  will depend on the protocol's threat model.

So, Atom SHOULD define some sort of authentication method in the specification, or at least give some references.

--
Asbjørn Ulsberg         -=|=-        asbjornu@xxxxxxxxxxx
«He's a loathsome offensive brute, yet I can't look away»

References:
- PaceSecurityServices & Digest auth
  - From: Ezra Cooper

Prev by Date: Re: PaceIntrospection: Is another file format really needed?
Next by Date: Re: PacePersonRef posted
Previous by thread: Re: PaceSecurityServices & Digest auth
Index(es):
- Date
- Thread