Issue 6312: Server Authentication (firewall-traversal-ftf) Source: Adiron, LLC (Mr. Polar Humenn, polar(at)adiron.com) Nature: Uncategorized Issue Severity: Summary: As I understood it, the Firewall Traversal specification was to use new CSIv2 Compound Identity types to give the target server the complex principal composed of the client and the authenticating firewall traversal path. The server was to be authenticated to the client in much the same way. This functionality appears to be missing in the specification. It is easily fixed by returning a CSIv2 IdentityTokenSeq from a successful firewall negotiation, specifying the backwards firewall authentication trail from the server to the client. Resolution: Revised Text: Actions taken: October 7, 2003: received issue Discussion: End of Annotations:===== uthentication-Warning: greene.case.syr.edu: polar owned process doing -bs Date: Tue, 7 Oct 2003 11:00:08 -0400 (EDT) From: Polar Humenn X-X-Sender: polar@greene.case.syr.edu To: issues@omg.org, firewall-traversal-ftf@omg.org Subject: Server Authentication Firewall Issue. As I understood it, the Firewall Traversal specification was to use new CSIv2 Compound Identity types to give the target server the complex principal composed of the client and the authenticating firewall traversal path. The server was to be authenticated to the client in much the same way. This functionality appears to be missing in the specification. It is easily fixed by returning a CSIv2 IdentityTokenSeq from a successful firewall negotiation, specifying the backwards firewall authentication trail from the server to the client. Cheers, -Polar ------------------------------------------------------------------- Polar Humenn Adiron, LLC mailto:polar@adiron.com 2-212 CST Phone: 315-443-3171 Syracuse, NY 13244-4100 Fax: 315-443-4745 http://www.adiron.com