W3C home > Mailing lists > Public > www-ws-arch@w3.org > September 2002

Re: Issue 3: What does "identities of communicating parties" mean (AR006.2.1)?

From: Hugo Haas <hugo@w3.org>
Date: Thu, 26 Sep 2002 16:57:19 +0200
To: www-ws-arch@w3.org
Message-ID: <20020926145718.GH3639@w3.org>

* Ahmed, Zahid <zahid.ahmed@commerceone.com> [2002-09-18 14:15-0700]
> To literally answer the question posed in the subject of this
> e-mail thread, it seems that:
> Participating web services may need to verify the identities 
> of multiple participants involved in a web service activity or in 
> a SOAP message exchange. Participants may be applications, 
> individuals, organizations, and possibly intermediaries. Such
> participants may need to be identified using a range of identity 
> tokens with differing levels of security and issuing authorities.
> Somme examples of identity tokens are: username/password token, 
> binary token, X.509 cert, SAML assertion token, etc.

* Hal Lockhart <hal.lockhart@entegrity.com> [2002-09-23 14:05-0400]
> I agree with Danny that the terminology is a mess. There should be no
> implication that a real world name MUST be included. 
> I agree with Zahid. Some examples participants are: Requester, Intermediary,
> Receipent, Codebase.

So, trying to come to a resolution here, would the following rewording
address the issue:

  AR006.2.1 The security framework must enable Authentication of the
            parties participating to an exchange.

I removed the term "identity" which seems to be the one causing



Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Thursday, 26 September 2002 10:58:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:59 UTC