- From: Shadi Abou-Zahra <shadi@w3.org>
- Date: Wed, 30 Apr 2008 10:07:24 +0200
- To: "Scheppe, Kai-Dietrich" <k.scheppe@telekom.de>
- CC: Public POWDER <public-powderwg@w3.org>
Hi Kai, This response won't be much help, but you may be interested to know that we've had the same discussion around EARL. How do you trust a report put on a Web site or some kind of a repository? We have not taken specific action on this, except to try and explain how a security layer could be placed on-top of the EARL format. For example, by using signatures on the XML serialization of the RDF. I agree with you that this is an important topic that always comes up in one form or the other. I'd be interested if the POWDER folks can come up with something that we can reuse for EARL... ;) Regards, Shadi Scheppe, Kai-Dietrich wrote: > Phil had asked about China and the WWW2008 conference. > > Yes, there is something to report. > I gave a short presentation on POWDER. > It went fine, people seemed interested, there were few questions. > > However, one point came up in several conversations with several people > - that of security. > > Basically I was asked: > > How do you ensure that the DR which has been written does in fact > come from that person or entity? > > I believe we had, a long time ago, discussed digital signatures, but > wasn't sure what had come of all that. > > > Question to the group: Will we deal with that? And if yes, how? > > The easy way out would be to say no, trust is up to the user and we > won't bother, but I was struck by how this point came up several times > independently, thus I think it is not something to be brushed aside. > > -- Kai > > > > > > > -- Shadi Abou-Zahra - http://www.w3.org/People/shadi/ | WAI International Program Office Activity Lead | W3C Evaluation & Repair Tools Working Group Chair |
Received on Wednesday, 30 April 2008 08:07:57 UTC