W3C home > Mailing lists > Public > www-xkms@w3.org > August 2002

RE: Comments on Aug 1 Spec

From: Daniel Ash <Daniel.Ash@identrus.com>
Date: Wed, 28 Aug 2002 11:53:34 -0400
Message-ID: <2B55DABB95C4D4119C1300508BD953F1A1AB0A@BLUE01>
To: "'Hallam-Baker, Phillip'" <pbaker@verisign.com>
Cc: www-xkms@w3.org, "'reagle@w3.org'" <reagle@w3.org>
 >>    [90] The Locate and Validate operations are both used to obtain
 >>    information about a public key from a Trust Service. Locate and
 >>    Validate services are both expected to attempt to provide correct
 >>    information to the requestor. The Locate and Validate 
 >> services differ
 >>    in the extent to which the Trust Service verifies the information
 >>    returned. A Location service SHOULD attempt to provide only
 >>    information which is trustworthy to the best of its knowledge. A
 >>    Validation service undertakes to only return information 
 >which has
 >>    been positively validated by the Trust Service as meeting its
 >>    validation criteria.
 >> 
 >> "Under a specified policy." (Note, I continue to hold a 
 >> minority opinion (of 
 >> one I presume <smile/>) that there's not much of a 
 >difference between 
 >> locate and validate. There's an implicit query (validate 
 >> requests more 
 >> elements) and policy, and I prefer such things to be explicit.
 >
 >The difference is that Validate is a trusted service, Locate 
 >is not. So Validate needs to take additional measures to ensure
 >that information returned is trustworthy. Locate does not.
 >
 >This difference makes a huge difference to us as a service
 >provider. The locate service is not trusted and is not covered
 >by the SAS70 audit. The validate service is covered by the
 >audit and requires FIPS 140 level 3 hardware etc. etc.
 >

What's the benefit of defining different types of services, i.e. locate and
validate, to distinguish the level of security, or "trust" of the service
provider?  as opposed to specifying these requirements through policies?
The services are one and the same, differing only with respect to service
levels.  

Locate aside, the definition of a validation service and associated
environmental/security controls will vary from provider to provider.  Since
we already require this policy mechanism to distinguish validation services,
why not use the same mechanism to account for trustless (whatever that
means) services.

-dan 
Received on Wednesday, 28 August 2002 11:53:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:39 UTC