[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication Requirements in opes-authorization-00 (section 4.2)

To: eburger@xxxxxxxxxxxxx
Subject: Re: Authentication Requirements in opes-authorization-00 (section 4.2)
From: Markus Hofmann <markus@xxxxxxxx>
Date: Sat, 26 Oct 2002 13:52:00 -0400
Cc: OPES Group <ietf-openproxy@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openproxy/mail-archive/>
List-id: <ietf-openproxy.imc.org>
List-unsubscribe: <mailto:ietf-openproxy-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-openproxy@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2b) Gecko/20021016

Eric Burger wrote:

The next paragraph is a place where we can have protocol machinery:
"The PEP's should be authenticated before they receive policy
rules".  If we care, then I would propose, "Because of the
sensitivity of user profiles, the PEP Interface between the PEP and
the PDP MUST use a secure transport protocol."

How about phrasing it more like "Because of the sensitivity of user profiles, the PEP Interface between the PEP and the PDP MUST use a secured communication channel" rather than requiring a "...secure transport protocol...". Communication between PEP and PDP can be secured in different ways, and does not always require a secure *transport protocol*. (Assume, for example, that PDP and PEP are in the same administrative domain, which is protected via firewalls or so...)

-Markus

References:
- Authentication Requirements in opes-authorization-00 (section 4.2)
  - From: Eric Burger

Prev by Date: RE: Some comments on draft-ietf-opes-threats-00
Next by Date: Re: Some comments on draft-ietf-opes-threats-00
Previous by thread: RE: Authentication Requirements in opes-authorization-00 (section 4.2)
Next by thread: Unique Shared Secrets (4.4.2) in opes-authorization
Index(es):
- Date
- Thread