- From: Damodaran, Suresh <Suresh_Damodaran@stercomm.com>
- Date: Thu, 2 May 2002 18:59:47 -0500
- To: "'Ahmed, Zahid'" <zahid.ahmed@commerceone.com>, www-ws-arch@w3.org
Hierarchical trust model is only one of many trust models. Direct trust model is common where key exchange protocols are robust and trusted. Peer-to-peer trust model (popularized by PGP) is another model that is useful to develop a web of trust. Note sure whether the term "trust model" in 006.9 means these kind of models. Need clarification. Cheers, -Suresh -----Original Message----- From: Ahmed, Zahid [mailto:zahid.ahmed@commerceone.com] Sent: Thursday, May 02, 2002 4:35 PM To: www-ws-arch@w3.org Subject: RE: D-AR006.9 - "baseline for trust models" The scope of "trust models" problem should include: 1) Management of trusted CA roots that may be embedded or accessible in web services applications and client devices. 2) Exchange of authorization data, e.g., signed or trusted assertions. W.r.t. #1, there is the X-TASS/XKMS specification: http://www.xmltrustcenter.org/research/docs/Xtass.pdf http://www.xmltrustcenter.org/xkms/docs/XKMS_1.1.pdf W.r.t. #2, there is the OASIS SAML v. 1.0 specification and possibly posisbly the WS-Security spec: http://www.oasis-open.org/committees/security/ Zahid Ahmed -----Original Message----- From: David Booth [mailto:dbooth@w3.org] Sent: Thursday, May 02, 2002 12:40 PM To: www-ws-arch@w3.org Subject: D-AR006.9 - "baseline for trust models" >"D-AR006.9 The security framework document SHOULD recommend a baseline for >trust models." I think this needs clarification. I don't know what "a baseline for trust models" means. -- David Booth W3C Fellow / Hewlett-Packard Telephone: +1.617.253.1273
Received on Thursday, 2 May 2002 20:00:16 UTC