
Re: PaceSecurityServices




Joe Gregorio wrote:


In the section on the AtomAPI:
---------------------------------------------

+1 on Digest and TLS

I support referencing and strongly encouraging
the use of standard authentication and encryption mechanisms.




+1

-1 to WSSE



...

If we must create a new authentication mechanism
then I would also like it to be a separate RFC from
the AtomAPI, just as HTTP is broken into RFC 2616 and 2617.


I'm fine with accepting the Pace as is. If we want to make AuthForBob a separate document, we can do that at any time. Saying it should go in a document that's not (yet) a deliverable resembles handwaving a little too closely for me. I'm not a big fan of WSSE, but it will be easy to replace that section with something else. Let's just get it in there for now.

There's also the section "Security Considerations", which I generally agree with. I would rewrite it a bit to highlight the fact that all authentication is based on RFC 2617, it's just that we've added an extension authentication scheme (the RFC allows this).

Robert Sayre