Issue 3: What does "identities of communicating parties" mean (AR006.2.1)?

Hi all.

In our task of getting consensus on the requirements document, we
didn't address issue 3[1] about the meaning of "identities of
communicating parties".

AR006.2.1 reads[2]:

| + AR006.2.1 The security framework must enable Authentication
|   for the identities of communicating parties.

Danny's email reads[3]:

| Requirement AR006.2.1 seeks to provide authentication for the
| identities of communicating parties. The use of the term 'identity' should
| be clarified. As written, this requirement could mean that the legal name of a
| communicating party is to be authenticated, or simply that the identifier,
| whether name, email address, IP address, etc. associated with the
| communication is authenticated. If the meaning is the former, then it should
| be clarified that anonymous and pseudonymous communications must be
| supported. If the latter (much simpler from a privacy perspective) then the
| scope of this requirement should be narrowed.

I think that the latter is intended, but some security experts may
disagree.

We should try and get consensus on the interpretation, and then maybe
reword this requirement to better reflect the intent. Danny proposed
to help us with the wording if necessary.

Chairs, could we have that on the agenda for this week's
teleconference? Thank you.

Regards,

Hugo

  1. http://www.w3.org/2002/ws/arch/2/issues/wsa-issues.html#x3
  2. http://www.w3.org/TR/2002/WD-wsa-reqs-20020819#AR006.2.1
  3. http://lists.w3.org/Archives/Public/www-wsa-comments/2002Jun/0001.html
-- 
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/

Received on Wednesday, 18 September 2002 13:32:26 UTC