W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: D-AR006.9 - "baseline for trust models"

From: Damodaran, Suresh <Suresh_Damodaran@stercomm.com>
Date: Thu, 2 May 2002 18:59:47 -0500
Message-ID: <40AC2C8FB855D411AE0200D0B7458B2B07C594E0@scidalmsg01.csg.stercomm.com>
To: "'Ahmed, Zahid'" <zahid.ahmed@commerceone.com>, www-ws-arch@w3.org
Hierarchical trust model is only one of many trust models.
Direct trust model is common where key exchange protocols are robust and
trusted. Peer-to-peer trust model (popularized by PGP)
is another model that is useful to develop a web of trust.
Note sure whether the term "trust model" in 006.9 means these kind of
Need clarification.


-----Original Message-----
From: Ahmed, Zahid [mailto:zahid.ahmed@commerceone.com]
Sent: Thursday, May 02, 2002 4:35 PM
To: www-ws-arch@w3.org
Subject: RE: D-AR006.9 - "baseline for trust models"

The scope of "trust models" problem should include:

1) Management of trusted CA roots that may be embedded or
accessible in web services applications and client 
2) Exchange of authorization data, e.g., signed or 
trusted assertions.

W.r.t. #1, there is the X-TASS/XKMS specification:

W.r.t. #2, there is the OASIS SAML v. 1.0 specification 
and possibly posisbly the WS-Security spec:

Zahid Ahmed

-----Original Message-----
From: David Booth [mailto:dbooth@w3.org]
Sent: Thursday, May 02, 2002 12:40 PM
To: www-ws-arch@w3.org
Subject: D-AR006.9 - "baseline for trust models"

>"D-AR006.9 The security framework document SHOULD recommend a baseline for 
>trust models."

I think this needs clarification.  I don't know what "a baseline for trust 
models" means.

David Booth
W3C Fellow / Hewlett-Packard
Telephone: +1.617.253.1273
Received on Thursday, 2 May 2002 20:00:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:55 UTC