W3C home > Mailing lists > Public > www-ws-arch@w3.org > August 2002

Re: Security Question

From: Francis McCabe <fgm@fla.fujitsu.com>
Date: Mon, 5 Aug 2002 12:57:20 -0700
To: Hal Lockhart <hal.lockhart@entegrity.com>
Message-Id: <A21EEDAC-A8AD-11D6-9127-000393A3327C@fla.fujitsu.com>


On Monday, August 5, 2002, at 11:51 AM, Hal Lockhart wrote:

> You have put your finger on an important issue that has been much 
> discussed on the PKIX mailing list and other fora that attract security 
> professionals, but not much in application circles. To summarize it in my 
> own words: security mechanisms can protect the integrity and 
> confidentiality of data traversing untrusted networks, but this does not 
> help unless there is agreement on information semantics.
>  
> The case much discussed in digital signature circles is: what does it 
> mean when you digitally sign a document. In some contexts, you might want 
> it to mean, "I agree to be bound by this contract." In others, it might 
> simply mean "here is my latest draft, you can be sure it was not altered 
> in transit." Or even "here is something interesting I found on the 
> Internet, which you can tell is not SPAM because it comes from me."

This is a topic that we in the agent community have a LOT to say about. 
The resolution to this is the `communicative act'. A CA is essentially a 
pair: a verb-like token that indicates the force of the communication and 
a declarative sentence-like structure that we call the content. The 
performative makes the above distinction: signing a document is quite 
different to informing: i.e., there is a difference between telling you 
that I've signed a document and actually signing it -- even in the 
electronic world.

Of course, there needs to be agreement on the tokens, but that is what 
standards organizations are for ;-) In this case, see www.fipa.org

Frank
Received on Monday, 5 August 2002 16:02:19 GMT
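
The distinction drawn in the message above, as an added Python illustration that is not part of the original post or of any FIPA specification: the authentication tag covers the (performative, content) pair, so a tag issued for "inform" does not verify as "agree". The performative tokens, the key and the sample text are constructed assumptions, and HMAC-SHA256 stands in for a digital signature so the example runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Hypothetical performative tokens; a real system would use an agreed vocabulary.
PERFORMATIVES = {"inform", "propose", "agree"}

KEY = b"constructed-demo-key"                 # constructed sample key
DRAFT = "Party A pays Party B 100 units."     # constructed sample content


def encode_act(performative: str, content: str) -> bytes:
    """Canonical, unambiguous byte encoding of the (performative, content) pair."""
    if performative not in PERFORMATIVES:
        raise ValueError(f"unknown performative: {performative!r}")
    pair = {"performative": performative, "content": content}
    return json.dumps(pair, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_act(key: bytes, performative: str, content: str) -> str:
    """Tag that binds the content to the stated force of the communication."""
    return hmac.new(key, encode_act(performative, content), hashlib.sha256).hexdigest()


def verify_act(key: bytes, performative: str, content: str, tag: str) -> bool:
    """True only if the tag was issued for this exact performative and content."""
    try:
        expected = sign_act(key, performative, content)
    except ValueError:
        return False  # tokens outside the agreed vocabulary are rejected
    return hmac.compare_digest(expected, tag)


def sign_content_only(key: bytes, content: str) -> str:
    """Tag over the content alone: it says nothing about what the signer meant."""
    return hmac.new(key, content.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    tag = sign_act(KEY, "inform", DRAFT)
    print("as inform:", verify_act(KEY, "inform", DRAFT, tag))  # sender's intent
    print("as agree: ", verify_act(KEY, "agree", DRAFT, tag))   # reinterpretation
    # A content-only tag is identical whatever the recipient claims it meant.
    print("content-only tag:", sign_content_only(KEY, DRAFT)[:16], "...")
```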
