- From: Eric Prud'hommeaux <eric@w3.org>
- Date: Tue, 2 Nov 2004 08:26:40 -0500
- To: Kendall Clark <kendall@monkeyfist.com>
- Cc: public-rdf-dawg@w3.org
- Message-ID: <20041102132640.GA22596@w3.org>
On Mon, Nov 01, 2004 at 08:24:41AM -0600, Dan Connolly wrote:
> ACTION: Eric to ask Kendall to put X509 policy use case into UC&R
I described a ws-policy use case at the last meeting and volunteered
to relay it to you. The scenario comes from my position paper [1] for
the Constraints and Capabilities Workshop.
My dream bank allows me to conduct transactions via a web service
interface. To prevent fraud, the messages to this service must be
authenticated by a trusted mechanism, either X509 or Kerberos.
My messages to the bank must be signed by either of these
mechanisms. These signatures get reflected to the application as
triples in an RDF graph.
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix wsse: <http://www.w3.org/2004/08/20-ws-pol-pos/#>.
<http://bucks.example/mesg#1234> rdf:type wsse:SecurityToken;
    wsse:tokenType wsse:Kerberosv5TGT.
or
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix wsse: <http://www.w3.org/2004/08/20-ws-pol-pos/#>.
<http://bucks.example/mesg#1234> rdf:type wsse:SecurityToken;
    wsse:tokenType wsse:X509v3.
The service expresses and enforces these constraints with a query
that runs over that RDF graph. This conveniently communicates the
constraints in a language that is human-comprehensible, machine-
comprehensible, and testable by all parties.
[1] http://www.w3.org/2004/08/20-ws-pol-pos/#query
--
-eric
office: +81.466.49.1170 W3C, Keio Research Institute at SFC,
Shonan Fujisawa Campus, Keio University,
5322 Endo, Fujisawa, Kanagawa 252-8520
JAPAN
+1.617.258.5741 NE43-344, MIT, Cambridge, MA 02144 USA
cell: +1.857.222.5741 (does not work in Asia)
(eric@w3.org)
Feel free to forward this message to any list for any purpose other than
email address distribution.
Received on Tuesday, 2 November 2004 13:26:41 UTC
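An added illustration, not part of the message above or of the position paper it cites: a policy check written as a two-pattern query over the triples shown in the message, accepting only the two token types named there and rejecting everything else. The small pattern matcher, the sample graphs, the `mesg#9999` IRI and the `ExampleUnlistedType` term are constructed for this sketch.

```python
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
WSSE = "http://www.w3.org/2004/08/20-ws-pol-pos/#"
TYPE, TOKEN_TYPE = RDF + "type", WSSE + "tokenType"
SECURITY_TOKEN = WSSE + "SecurityToken"
ACCEPTED = {WSSE + "X509v3", WSSE + "Kerberosv5TGT"}  # the two mechanisms in the message

# Constructed sample graphs: sets of (subject, predicate, object) IRIs.
MSG = "http://bucks.example/mesg#1234"
OTHER = "http://bucks.example/mesg#9999"  # constructed second message
X509_GRAPH = {(MSG, TYPE, SECURITY_TOKEN), (MSG, TOKEN_TYPE, WSSE + "X509v3")}
KERBEROS_GRAPH = {(MSG, TYPE, SECURITY_TOKEN), (MSG, TOKEN_TYPE, WSSE + "Kerberosv5TGT")}
UNLISTED_GRAPH = {(MSG, TYPE, SECURITY_TOKEN), (MSG, TOKEN_TYPE, WSSE + "ExampleUnlistedType")}
UNTYPED_GRAPH = {(MSG, TOKEN_TYPE, WSSE + "X509v3")}  # no rdf:type triple
OTHER_SUBJECT_GRAPH = {(OTHER, TYPE, SECURITY_TOKEN), (OTHER, TOKEN_TYPE, WSSE + "X509v3")}


def match(graph, pattern, bindings):
    """Yield extended bindings for one triple pattern; terms starting with '?' are variables."""
    for triple in graph:
        new = dict(bindings)
        for term, value in zip(pattern, triple):
            if term.startswith("?"):
                if new.setdefault(term, value) != value:
                    break  # variable already bound to a different value
            elif term != value:
                break  # constant term does not match
        else:
            yield new


def solutions(graph, patterns, bindings=None):
    """Join the triple patterns left to right, sharing variable bindings."""
    bindings = bindings or {}
    if not patterns:
        yield bindings
        return
    for extended in match(graph, patterns[0], bindings):
        yield from solutions(graph, patterns[1:], extended)


def message_authenticated(graph, message):
    """True only if `message` itself is a SecurityToken with an accepted tokenType."""
    query = [(message, TYPE, SECURITY_TOKEN), (message, TOKEN_TYPE, "?t")]
    return any(b["?t"] in ACCEPTED for b in solutions(graph, query))
```

Both patterns are pinned to the message IRI under test, so a valid token attached to a different message in the same graph does not satisfy the policy, and a graph with no matching triples is rejected rather than accepted by default.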