W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: D-AR0062.2: Authentication for data

From: Joseph Hui <jhui@digisle.net>
Date: Thu, 2 May 2002 18:11:38 -0700
Message-ID: <C153D39717E5F444B81E7B85018A460B081B27E4@ex-sj-5.digisle.com>
To: "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
Data authentication -- authenticate that the data came from the right source.
Getting acquainted with HMAC may help further.
                      
E.g. asking you to produce a driver's license authenticates you (by biometrics)
to me that you're Hugo.  That's __peer (or party, or source) authentication__.
Computing the hash of a message that incorporates a secret shared by you and me
allows me to authenticate that the message has not been altered and it
came from you.  That's __data authentication__.  HMAC is one way of doing this.
Digital Signature is another way; but it requires Public Key Encryption (PKE),
thus a bit more expensive.

Joe Hui
Exodus, a Cable & Wireless service
==================================================
> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org]
> Sent: Thursday, May 02, 2002 2:02 PM
> To: www-ws-arch@w3.org
> Subject: D-AR0062.2: Authentication for data
> 
> 
> My apologies, I was talking about D-AR0062.2, not D-AR006.2.1.
> 
> * Hugo Haas <hugo@w3.org> [2002-05-02 16:59-0400]
> > D-AR0062.2 reads:
> > 
> >           + D-AR0062.2 The security framework must include 
> Authentication
> >             for data (sent and received by communicating parties).
> > 
> > D-AR0062.1 talks about parties authentication. D-AR0062.5 
> talks about
> > data integrity. It is not clear to me what data authentication is.
> 
> -- 
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - 
> tel:+1-617-452-2092
> 
> 
Received on Thursday, 2 May 2002 21:40:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:59 GMT