
Re: ISSUE-44: beyond 'who' (some day) (public comment)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Wed, 18 Apr 2007 16:27:44 -0400
To: Web Security Context WG <public-wsc-wg@w3.org>
Message-ID: <OF19D1530C.D2D2950D-ON852572C1.0070033F-852572C1.00706A4E@LocalDomain>
Under either "New Security Information" or "Other Security Challenges", Al 
points out this is a future looking statement, and so it's out of scope.

btw, I couldn't follow the contextual integrity link - you need to be 
subscribed to the economist: 

If anyone else goes there, let us know what it's about. 


Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

Web Security Context Issue Tracker <dean+cgi@w3.org> 
Sent by: public-wsc-wg-request@w3.org
04/15/2007 11:01 AM
Please respond to
Web Security Context WG <public-wsc-wg@w3.org>


ISSUE-44: beyond 'who' (some day) (public comment)


Raised by: Bill Doyle
On product: Note: use cases etc.

From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org


beyond 'who' (some day) 
where it says, in 4.3 Entity identification
Recommending a presentation for these
   designators that helps the user recognize which entity they are
   currently conversing with, and when they are switching to a
   different entity, is a primary concern of this Working Group.
please consider
The likely shape of a better world of trust includes the terms of the 
engagement beyond just 'who.'  Absolutely, the state of what works today is 
limited to "who" am I talking to.
And DNS domains are about as scientific a 'who' as users ever resolve in 
fuzzy brains, by way of entities that are not human individuals.
On the other hand, there is still a lot of dissatisfaction from consumers 
about organizations taking information disclosed for a finite purpose and 
redistributing it beyond what the user understood as the purpose of that 
disclosure.  So the group should be aware of contemporary work to model 
decisions in terms of contextual integrity where the parameters of a 
desiring integrity are the defining characteristics of shared tasks as 
well as who is in or out of the circle of the conversation.

please consider
attribute certificates in the picture, eventually (bearer is known to me 
assertion/attribute is true about said bearer).  User can provide a 
for certified quality, not requiring disclosure of user's identity.
The parking meter needs to know you are a qualifying individual to use 
disabled parking spots, but it does not need to know exactly who you are. 
There are, in the best of all possible worlds, many correlates for this in 
the world of B2C transactions.  So while a clear communication of "who is in 
the scene, and who am I conversing with?" is the name of the game for now, the 
total picture in the long term may use attribute certificates as well as 
identity certificates.
Received on Wednesday, 18 April 2007 20:27:48 UTC