Re: Proposal for lc87 and lc55

On Jul 7, 2005, at 1:11 PM, Rich Salz wrote:
>
>>> (ii) Users of EPRs should only use EPRs from sources they trust.
>>> The required trust has two aspects:
>>>
>>> (a) that the EPR was obtained from a trusted source
>>> (b) that it was obtained from a source with authority to
>>> represent the [destination] of that EPR.
>>>
>
> Like you, I don't believe (ii)(b) is always necessary, for exactly  
> the reason you state -- the EPR might contain information signed by  
> the addressee.
>
I don't think it will always be necessary; if the user implicitly
trusts everything the minter tells them then there's no need.
However, for more casual relationships I think it will be necessary  
for the minter to prove it has some authority to speak for the target  
of the EPR.

> It's also important to realize that "trust" can be completely  
> determined out of band.  For example, within an enterprise, the  
> corporate policy might be "everyone uses the corporate registry for  
> WS-A services," and the MIS/IT department will help enforce this by  
> some desktop configuration tools.
>
Absolutely. My proposal recognized this by not making the trust  
mechanism REQUIRED, the MUSTs only apply "When using this mechanism".

Marc.

> "Do I trust this data?" can often be re-phrased as "am I liable if  
> this information is wrong?"  Given the difficulties of getting the  
> crypto right (e.g., see
> http://lists.w3.org/Archives/Public/public-ws-addressing/2005Mar/0115),
> I bet that the dominant security model for WS-A will be pre-installed
> configurations (regedit anyone?) and SSL.
>
>     /r$
>
> -- 
> Rich Salz, Chief Security Architect
> DataPower Technology                           http://www.datapower.com
> XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
>
>

---
Marc Hadley <marc.hadley at sun.com>
Business Alliances, CTO Office, Sun Microsystems.

Received on Friday, 8 July 2005 03:39:02 UTC