Re: [adding document URI]FW: Comment on AR006.2.1 - identity of communicating parties

Hi Daniel,

Pardon my belated response.
I missed this mail while I was attending the June F2F, only
to have just re-discovered it while reading Daniel Austin's
posting about the newly updated issue list.
(Must be the Parisian water for my remiss; whatever they piped
into those water bottles just didn't taste like bottled water
in the US.  No wonder they resort to wine. :-)

Anyway, let's see if I can answer your question.
The said "identities" (the term) is not meant to take on
one specific form for all occasions, say IP address, email
address, login ID, canonical name (i.e. CNAME in DNS), ...
In the authentication context, it simply means an object
that an "authenticatee" presents to the "authenticator"
for the purpose of authenticating itself in a given
security context.  This means, in IPSec, the object
manifests itself in the form of an IP address (e.g. 12.34.56.78);
in DNS or https (which entails security certificates),
a CNAME (e.g. www.funcity.com); in host login,
a username; ...  Therefore, it is not viable to tie the
"identity," as used in 6.2.1, to only one rendition.

Hope this helps.

Joe Hui
Exodus, a Cable & Wireless service
======================================================================


-----Original Message-----
From: Daniel Weitzner [mailto:djweitzner@w3.org]
Sent: Wednesday, June 12, 2002 3:36 PM
To: www-wsa-comments@w3.org
Cc: Hugo Haas
Subject: Comment on AR006.2.1 - identity of communicating parties


Requirement AR006.2.1 seeks to provide for authentication for the
identities of communicating parties. The use of the term 'identity' should
be clarified. As written, this requirement could mean that the legal name of a
communicating party is to be authenticated, or simply that the identifier,
whether name, email address, IP address, etc. associated with the
communication is authenticated. If the meaning is the former, then it should
be clarified that anonymous and pseudonymous communications must be
supported. If the latter (much simpler from a privacy perspective) then the
scope of this requirement should be narrowed.

I'm happy to talk about this further and propose wording once the intent is
clear.

Thanks....

--
Daniel J. Weitzner                              +1.617.253.8036 (MIT)
World Wide Web Consortium                       +1.202.364.4750 (DC)
Technology & Society Domain Leader              <djweitzner@w3.org>
http://www.w3.org/People/Weitzner.html

Received on Wednesday, 10 July 2002 18:14:35 UTC