AuthN CA middleware support [Fwd: [caops-wg] Draft Agenda]
Olle Mulmo
mulmo at pdc.kth.se
Wed May 10 03:17:50 CDT 2006
insures -> ensures
This one the one hard enables -> This functionality enables
"they accept from any [the] issuing authority to only those
identifiers that are [agreed to be] subject to a specific
Authentication Profile."
(remove words in brackets)
subsequent authorization decision -> ... decisions
The last point ("make validation...") is too vaguely stated. Any
certificate in the chain implies that the RP should honor arbitrarily
Policy OIDs embedded in self-issued proxy certs. I suggest narrowing
this down to EE and sub-CA certs for now.
You could add another wishlist item that middleware providers should
honor the same configuration syntax that controls the OID set and
namespace constraints... (and the CAOPS group should quickly find
volunteers that nail down that syntax).
/Olle
More information about the caops-wg
mailing list