- From: Joseph Hui <jhui@digisle.net>
- Date: Thu, 2 May 2002 18:11:38 -0700
- To: "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
Data authentication -- authenticate that the data came from the right source.
Getting acquainted with HMAC may help further.
E.g. asking you to produce a driver's license authenticates you (by biometrics)
to me that you're Hugo. That's __peer (or party, or source) authentication__.
Computing the hash of a message that incorporates a secret shared by you and me
allows me to authenticate that the message has not been altered and it
came from you. That's __data authentication__. HMAC is one way of doing this.
Digital Signature is another way; but it requires Public Key Encryption (PKE),
thus a bit more expensive.
Joe Hui
Exodus, a Cable & Wireless service
==================================================
> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org]
> Sent: Thursday, May 02, 2002 2:02 PM
> To: www-ws-arch@w3.org
> Subject: D-AR0062.2: Authentication for data
>
>
> My apologies, I was talking about D-AR0062.2, not D-AR006.2.1.
>
> * Hugo Haas <hugo@w3.org> [2002-05-02 16:59-0400]
> > D-AR0062.2 reads:
> >
> > + D-AR0062.2 The security framework must include
> Authentication
> > for data (sent and received by communicating parties).
> >
> > D-AR0062.1 talks about parties authentication. D-AR0062.5
> talks about
> > data integrity. It is not clear to me what data authentication is.
>
> --
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ -
> tel:+1-617-452-2092
>
>
Received on Thursday, 2 May 2002 21:40:09 UTC