[ogsa-wg] OGSA EAP Security profiles: Final call for comments
Donal K. Fellows
donal.k.fellows at manchester.ac.uk
Fri Dec 7 03:01:24 CST 2007
Duane Merrill wrote:
> Thanks for the comments, Sven!
>> In various places throughout the document you say that a server
>> certificate is provided for "hostname verification" (e.g. line 454). I
>> think that this is restrictive as the certificate authenticates the
>> server and not just the name of the remote host that gives you access
>> to the server. I think that these statements could be rephrased.
>
> Yes, we're going to rephrase the discussion to "identity verification".
The actual suggestion I made was "service identity verification". It's
not about general identity verification, which is a much thornier
subject due to privacy issues.
Donal.
More information about the ogsa-wg
mailing list