W3C home > Mailing lists > Public > www-xkms@w3.org > August 2002

Re: transaction specific policies

From: Stephen Farrell <stephen.farrell@baltimore.ie>
Date: Tue, 20 Aug 2002 17:26:42 +0100
Message-ID: <3D626DC2.92A8E524@baltimore.ie>
To: Daniel Ash <Daniel.Ash@identrus.com>
CC: "'www-xkms@w3.org '" <www-xkms@w3.org>


Dan,

Somewhere in there I got lost. Are you saying that service URL is
fine for Identrus style environments or not?

If it is, then great!

If not, what parts of the spec need changing?

Stephen.

> Daniel Ash wrote:
> 
> Stephen,
> 
> I'd prefer one option as well.  It seems that useWith wasn't intended for this kind of use.
> 
> The service URL seems to work, however, in an environment like Identrus, where a validation
> requests is handed from one trusted third party to another, the policy binding is far more
> manageable as part of the message itself, rather than implicit through the service URL.
> 
> The way policy is managed within Identrus and other financial industry activities, there's a need
> to bind policy to both a key and to a transaction.  key policy is always associated with a key.
> transaction with a specific type of transaction.  I'm not sure how to bind either in XKISS.
> 
> this seems most important if XKISS is allow third parties to manage policy bindings instead of the
> user.  a user may only have one application, while a third party may manage hundreds.
> 
> -dan
> 
> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
> Sent: Tuesday, August 20, 2002 10:14 AM
> To: Daniel Ash
> Cc: 'www-xkms@w3.org '
> Subject: Re: transaction specific policies
> 
> > Daniel Ash wrote:
> >
> > I'm trying to understand the best way to use XKISS in a particular scenario.  one which is
> likely
> > to be very common in the financial community.
> >
> > The same key is used for multiple transaction-specific policies.  an example of this type of
> > policy is the European Signature policy.  liability models will vary from one such policy to
> > another.  considering the same key is used, the trusted third party must me able to monitor
> > liability exposure in order effectively manage risks associated with the particular transaction
> > type/policy.  It also would need to make the statement: "this key is valid/invalid for this type
> 
> > of transaction".
> >
> > The options I'm aware of are:
> > 1.)  use a different XKISS service URL for each transaction type.
> > 2.)  extend the useWith element with custom transaction types.
> 
> I'd generally try go for #1, but this is an implementation issue.
> 
> > are there more options?  which is the most appropriate?
> 
> I don't see why we want more options.
> 
> Stephen.
> 
> >
> > -dan
> > Identrus
> 
> --
> ____________________________________________________________
> Stephen Farrell
> Baltimore Technologies,   tel: (direct line) +353 1 881 6716
> 39 Parkgate Street,                     fax: +353 1 881 7000
> Dublin 8.                mailto:stephen.farrell@baltimore.ie
> Ireland                             http://www.baltimore.com

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
Received on Tuesday, 20 August 2002 12:25:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:39 UTC