|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: UNH Plugfest 5Paul, the mesage is clearly something else: - if you want a redirect function that works in every environment you buy one that has everything - if you want for your own farm a redirect function that is cheaper then have one but then you must configure all your initiators not to mandate first authentication. Julo
>>>>> "Julian" == Julian Satran <Julian_Satran@il.ibm.com> writes: Julian> Paul, The aim of the standard is to create interoperale Julian> protocols not administrators. An administrator may cause Julian> initiators and target NOT TO interoperate in a myriad of Julian> ways. Julian> The basic assumptions for the whole security setup is that Julian> the administrator will set them so that they can intemperate Julian> and the standard setter provides him with the means to do so. Julian> Your assumption that initiators and target should be able to Julian> interoperate regardless of their administrative entities is Julian> not what standards do. So obviously we have a difference of opinion, because in my experience this IS what standards must do, have done in the past, and should continue to do in the future. But since you disagree, I guess the standard will remain the way it is. So I'll read between the lines and consider the consequences of this. It amounts to: 1. Initiators are allowed to insist that targets do a full authentication before they issue a redirect. 2. Targets are not required to implement this. 3. However, if you want to build a target that works with initiators that do (1), you DO have to implement this. You don't need it for conformance but you do need it for interoperability with initiators of type (1). Is this what the WG wants to do? In other words, the message to Bob Russell is "yes, this interoperability issue is intentional"? paul
Home Last updated: Wed Jan 15 15:18:59 2003 12182 messages in chronological order |