-
Type:
Improvement
-
Status: New
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: Authentication Step-Up Protocol and Metadata Version 1.0
-
Fix Version/s: None
-
Component/s: Public reviews
-
Labels:None
-
Environment:
Normative
Section 5 seems at first to be non-normative ("5 Implementation Considerations" - shying away from requirements...) . But it seems to state some clear requirements. ("The implemented authentication methods must be enumerated and details captured in a Trust Elevation Repository....") ("all components in the access control service must be able to handle the extra requests")("At enrollment time, the Trust System must identify, record and possibly provision authentication methods. "). If these are to be interpreted as normative by implementors, better to make it explicit. And then the conformance clause should refer to that content, e.g. by section number at least. E.g. we have above a requirement on Trust Elevation Repository, but the CC does not seem to care about it (not covered)