ietf-openproxy

Re: Authentication Requirements in opes-authorization-00 (section 4.2)

2002-10-26 10:52:05

Eric Burger wrote:

The next paragraph is a place where we can have protocol machinery:
"The PEP's should be authenticated before they receive policy
rules".  If we care, then I would propose, "Because of the
sensitivity of user profiles, the PEP Interface between the PEP and
the PDP MUST use a secure transport protocol."

How about phrasing it more like "Because of the sensitivity of user profiles, the PEP Interface between the PEP and the PDP MUST use a secured communication channel" rather than requiring a "...secure transport protocol...". Communication between PEP and PDP can be secured in different ways, and does not always require a secure *transport protocol*. (Assume, for example, that PDP and PEP are in the same administrative domain, which is protected via firewalls or so...)

-Markus

