|
|
|
|
|
|
|
|
|
|
|
|
|
• |
Do
credentials stay in the transport layer or can they be
|
|
|
exposed
at the application layer?
|
|
|
• |
Have
transport credentials at application layer plus additional
|
|
|
credentials
also
|
|
|
• |
Issue
of re-using secured connections for performance reasons
|
|
|
• |
Require
OOB authentication and have inband authentication as
|
|
an
option also?
|
|
|
• |
How
is identity asserted for access control?
|
|
|
• |
Is
there a man-in-the-middle attack if authentication is OOB?
|
|
|
• |
Should
Id and authentication information be included in
|
|
|
DSML?
AGREED NOT
|
|
|
• |
I.e.
agreed no inband authentication
|
|