SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: UNH Plugfest 5




    Paul,

    the mesage is clearly something else:

    - if you want a redirect function that works in every environment you buy one that has everything
    - if you want for your own farm a redirect function that is cheaper then have one but then you must configure all your initiators not to mandate first authentication.

    Julo


    Paul Koning <pkoning@equallogic.com>

    15/01/03 20:01

    To
    Julian Satran/Haifa/IBM@IBMIL
    cc
    ips@ece.cmu.edu, owner-ips@ece.cmu.edu
    Subject
    Re: UNH Plugfest 5





    >>>>> "Julian" == Julian Satran <Julian_Satran@il.ibm.com> writes:

    Julian> Paul, The aim of the standard is to create interoperale
    Julian> protocols not administrators.  An administrator may cause
    Julian> initiators and target NOT TO interoperate in a myriad of
    Julian> ways.

    Julian> The basic assumptions for the whole security setup is that
    Julian> the administrator will set them so that they can intemperate
    Julian> and the standard setter provides him with the means to do so.

    Julian> Your assumption that initiators and target should be able to
    Julian> interoperate regardless of their administrative entities is
    Julian> not what standards do.

    So obviously we have a difference of opinion, because in my experience
    this IS what standards must do, have done in the past, and should
    continue to do in the future.

    But since you disagree, I guess the standard will remain the way it
    is.  So I'll read between the lines and consider the consequences of
    this.  It amounts to:

    1. Initiators are allowed to insist that targets do a full
      authentication before they issue a redirect.
    2. Targets are not required to implement this.
    3. However, if you want to build a target that works with initiators
      that do (1), you DO have to implement this.  You don't need it for
      conformance but you do need it for interoperability with initiators
      of type (1).

    Is this what the WG wants to do?  In other words, the message to Bob
    Russell is "yes, this interoperability issue is intentional"?

                    paul




Home

Last updated: Wed Jan 15 15:18:59 2003
12182 messages in chronological order