RE: D-AR006.9 - "baseline for trust models"

Hierarchical trust model is only one of many trust models.
Direct trust model is common where key exchange protocols are robust and
trusted. Peer-to-peer trust model (popularized by PGP)
is another model that is useful to develop a web of trust.
Note sure whether the term "trust model" in 006.9 means these kind of
models.
Need clarification.

Cheers,
-Suresh

-----Original Message-----
From: Ahmed, Zahid [mailto:zahid.ahmed@commerceone.com]
Sent: Thursday, May 02, 2002 4:35 PM
To: www-ws-arch@w3.org
Subject: RE: D-AR006.9 - "baseline for trust models"


The scope of "trust models" problem should include:

1) Management of trusted CA roots that may be embedded or
accessible in web services applications and client 
devices.
2) Exchange of authorization data, e.g., signed or 
trusted assertions.

W.r.t. #1, there is the X-TASS/XKMS specification:
	http://www.xmltrustcenter.org/research/docs/Xtass.pdf
	http://www.xmltrustcenter.org/xkms/docs/XKMS_1.1.pdf

W.r.t. #2, there is the OASIS SAML v. 1.0 specification 
and possibly posisbly the WS-Security spec:
	http://www.oasis-open.org/committees/security/



Zahid Ahmed


-----Original Message-----
From: David Booth [mailto:dbooth@w3.org]
Sent: Thursday, May 02, 2002 12:40 PM
To: www-ws-arch@w3.org
Subject: D-AR006.9 - "baseline for trust models"



>"D-AR006.9 The security framework document SHOULD recommend a baseline for 
>trust models."

I think this needs clarification.  I don't know what "a baseline for trust 
models" means.


-- 
David Booth
W3C Fellow / Hewlett-Packard
Telephone: +1.617.253.1273

Received on Thursday, 2 May 2002 20:00:16 UTC