
RE: D-AR0062.2: Authentication for data

From: Joseph Hui <jhui@digisle.net>
Date: Fri, 3 May 2002 09:06:42 -0700
Message-ID: <C153D39717E5F444B81E7B85018A460B0668595D@ex-sj-5.digisle.com>
To: "Bick, Bob (LNG)" <robert.bick@lexisnexis.com>, "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
> -----Original Message-----
> From: Bick, Bob (LNG) [mailto:robert.bick@lexisnexis.com]
[snip]
> I'd suggest we use the standard terms "data integrity" and "non-repudiation"
> in that case rather than "data authentication". Perhaps this may be more
> clear.

Data authentication IS a widely understood (or standard, if
you so choose) term.

Do not confuse "data integrity" and "non-repudiation" with
data authentication.  They are not the same.

Joe Hui
Exodus, a Cable & Wireless service
==========================================
> 
> Bob
> 
> -----Original Message-----
> From: Joseph Hui [mailto:jhui@digisle.net]
> Sent: Thursday, May 02, 2002 9:12 PM
> To: Hugo Haas; www-ws-arch@w3.org
> Subject: RE: D-AR0062.2: Authentication for data
> 
> 
> Data authentication -- authenticate that the data came from the right
> source.
> Getting acquainted with HMAC may help further.
> 
> E.g. asking you to produce a driver's license authenticates you (by
> biometrics) to me that you're Hugo.  That's __peer (or party, or source)
> authentication__.
> Computing the hash of a message that incorporates a secret shared by you
> and me allows me to authenticate that the message has not been altered and
> it came from you.  That's __data authentication__.  HMAC is one way of
> doing this.
> Digital Signature is another way; but it requires Public Key Encryption
> (PKE), thus a bit more expensive.
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> ==================================================
> > -----Original Message-----
> > From: Hugo Haas [mailto:hugo@w3.org]
> > Sent: Thursday, May 02, 2002 2:02 PM
> > To: www-ws-arch@w3.org
> > Subject: D-AR0062.2: Authentication for data
> > 
> > 
> > My apologies, I was talking about D-AR0062.2, not D-AR006.2.1.
> > 
> > * Hugo Haas <hugo@w3.org> [2002-05-02 16:59-0400]
> > > D-AR0062.2 reads:
> > > 
> > >           + D-AR0062.2 The security framework must include Authentication
> > >             for data (sent and received by communicating parties).
> > > 
> > > D-AR0062.1 talks about parties authentication. D-AR0062.5 talks about
> > > data integrity. It is not clear to me what data authentication is.
> > 
> > -- 
> > Hugo Haas - W3C
> > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
> > 
> > 
> 
Received on Friday, 3 May 2002 12:07:08 GMT
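
The distinction discussed in this thread, as an added Python example that is not part of the original messages: an unkeyed hash lets a party without the secret replace message and digest together, an HMAC tag does not, and because both parties hold the same key the receiver can produce valid tags too. The key, the messages, the function names and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the thread).
SHARED_SECRET = b"constructed-demo-secret-held-by-both-parties"
MESSAGE = b"transfer 100 units to account 42"
ALTERED = b"transfer 900 units to account 77"


def plain_digest(msg: bytes) -> str:
    """Unkeyed SHA-256: anyone who can see the message can recompute it."""
    return hashlib.sha256(msg).hexdigest()


def make_tag(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256 tag: computing it requires the shared secret."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, msg: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, msg), tag)


def demo() -> dict:
    tag = make_tag(SHARED_SECRET, MESSAGE)
    # A party without the key swaps the message and recomputes the digest.
    swapped_digest = plain_digest(ALTERED)
    # The same party can only guess at a key when a tag is required.
    guessed_tag = make_tag(b"guessed-key", ALTERED)
    return {
        # Unkeyed check passes on the swapped pair: no source authentication.
        "plain_hash_accepts_swap": plain_digest(ALTERED) == swapped_digest,
        # Keyed check: original passes, alteration and keyless forgery fail.
        "hmac_accepts_original": verify_tag(SHARED_SECRET, MESSAGE, tag),
        "hmac_accepts_altered": verify_tag(SHARED_SECRET, ALTERED, tag),
        "hmac_accepts_keyless_forgery": verify_tag(SHARED_SECRET, ALTERED, guessed_tag),
        # The receiver holds the same key, so it can mint a valid tag for any
        # message: a shared-secret tag cannot prove to a third party who wrote it.
        "receiver_can_mint_valid_tag": verify_tag(
            SHARED_SECRET, ALTERED, make_tag(SHARED_SECRET, ALTERED)
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
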
