W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: D-AR006.9 - "baseline for trust models"

From: Joseph Hui <jhui@digisle.net>
Date: Thu, 2 May 2002 18:01:11 -0700
Message-ID: <C153D39717E5F444B81E7B85018A460B081B27E2@ex-sj-5.digisle.com>
To: "David Booth" <dbooth@w3.org>, <www-ws-arch@w3.org>
> -----Original Message-----
> From: David Booth [mailto:dbooth@w3.org]
> Sent: Thursday, May 02, 2002 12:40 PM
> To: www-ws-arch@w3.org
> Subject: D-AR006.9 - "baseline for trust models"
> >"D-AR006.9 The security framework document SHOULD recommend 
> a baseline for 
> >trust models."
> I think this needs clarification.  I don't know what "a 
> baseline for trust 
> models" means.

Trust models range from: username/password, to PGP-signed certificates,
to CA-issued certificates, ... 
We may want to set a baseline somewhere, so WS providers and consumers
will be well advised what they need to prepare themselves for in order to
do business.  E.g. right now you won't give out your credit card number
to a (non-https) website that doesn't turn on that little lock at the
corner of your browser, because you have implicitly adopted the trust
model (executed by your browser on your behalf) that you don't trust
merchants who don't bother to acquire a certificate (issued by a 
reputable CA).

BTW, as with few others, the WG may want to deliberate whether this
should be in or out of scope.  So vote D if you aren't sure.


Joe Hui
Exodus, a Cable & Wireless service
Received on Thursday, 2 May 2002 21:01:12 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:55 UTC