OASIS Open

Thales e-Security

No

Oh for the Line Item Veto/No Vote...

I have a problem with #5 for sections 3.1.5 and 3.2.5 that requires that a server SHALL use port 5696 for basic authentication. It is great to require it for interoperability testing but that port should be allowed to be configured for security purposes by the using organization. I don't see this as part of the specification but a recommendation of should. Again this is where each profile gets to choose what they use for transport.

I suggest if we want to require something then change the language to read something along the lines of "the default port used for the Basic Authentication Suite SHALL be 5696 would be better language for conformance" with some follow on verbiage about configurability of the port number.

If this language were to change then my vote would be yes unless someone can convince me differently.