W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2003

Re: X509 data element

From: Rich Salz <rsalz@datapower.com>
Date: Wed, 05 Feb 2003 12:47:46 -0500
Message-ID: <3E414E42.1030800@datapower.com>
To: fd <fd@despammed.com>
CC: w3c-ietf-xmldsig@w3.org

> Rich, could you eleborate a little more what you mean for 
> "locally-configured" . If you intend something like pre-arranged trust 
> relashionship (I know him I trust his certificate or similar) how does 
> it fit in a web service world where services, their descriptions etc. 
> could be discovered dynamically ?

That's what I mean.

I do not believe that two random business organizations will find each 
other through a third-party directory and starting doing business.  It 
will either be a closed trading organization (various marketplaces), a 
risk/trust service like Identrus, or similar.  In which case, all 
parties will just have the root of their umbrella organization, and 
everyone will cache certs for the "Level 1" CA's as they find them.

> IMHO trust is another thing that could be discovered and managed 
> dynamically, so isn't the  80/20 rule above too strict in a web services 
> world ?

Only if you think it's gonna happen.  I don't.  At best, dynamic 
discovery will happen within the enterprise behind the firewall 
underneath a single trust domain.  On the public Internet?  Never.  Who 
will assume the liability for (among other things) fraudelent identity?

Loosely coupled, tightly contracted.
	/r$
Received on Wednesday, 5 February 2003 12:47:56 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT