RE: D-AR0062.2: Authentication for data

Joe,

Isn't this commonly refered to as Data Origin Authentication (as opposed to
"data authentication")?

Zulah
Hewlett-Packard Company

-----Original Message-----
From: Joseph Hui [mailto:jhui@digisle.net]
Sent: Friday, May 03, 2002 9:07 AM
To: Bick, Bob (LNG); Hugo Haas; www-ws-arch@w3.org
Subject: RE: D-AR0062.2: Authentication for data


> -----Original Message-----
> From: Bick, Bob (LNG) [mailto:robert.bick@lexisnexis.com]
[snip]
> I'd suggest we use the standard terms "data integrity" and 
> "non-repudiation"
> in that case rather than "data authentication". Perhaps this 
> may be more
> clear.

Data authentication IS a widely understood (or standard, if
you so chose) term.

Do not confuse "data integrity" and "non-repudiation" with
data authentication.  They are not the same.

Joe Hui
Exodus, a Cable & Wireless service
==========================================
> 
> Bob
> 
> -----Original Message-----
> From: Joseph Hui [mailto:jhui@digisle.net]
> Sent: Thursday, May 02, 2002 9:12 PM
> To: Hugo Haas; www-ws-arch@w3.org
> Subject: RE: D-AR0062.2: Authentication for data
> 
> 
> Data authentication -- authenticate that the data came from the right
> source.
> Getting acquainted with HMAC may help further.
>                       
> E.g. asking you to produce a driver's license authenticates you (by
> biometrics)
> to me that you're Hugo.  That's __peer (or party, or source)
> authentication__.
> Computing the hash of a message that incorporates a secret 
> shared by you and
> me
> allows me to authenticate that the message has not been altered and it
> came from you.  That's __data authentication__.  HMAC is one 
> way of doing
> this.
> Digital Signature is another way; but it requires Public Key 
> Encryption
> (PKE),
> thus a bit more expensive.
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> ==================================================
> > -----Original Message-----
> > From: Hugo Haas [mailto:hugo@w3.org]
> > Sent: Thursday, May 02, 2002 2:02 PM
> > To: www-ws-arch@w3.org
> > Subject: D-AR0062.2: Authentication for data
> > 
> > 
> > My apologies, I was talking about D-AR0062.2, not D-AR006.2.1.
> > 
> > * Hugo Haas <hugo@w3.org> [2002-05-02 16:59-0400]
> > > D-AR0062.2 reads:
> > > 
> > >           + D-AR0062.2 The security framework must include 
> > Authentication
> > >             for data (sent and received by communicating parties).
> > > 
> > > D-AR0062.1 talks about parties authentication. D-AR0062.5 
> > talks about
> > > data integrity. It is not clear to me what data authentication is.
> > 
> > -- 
> > Hugo Haas - W3C
> > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - 
> > tel:+1-617-452-2092
> > 
> > 
> 

Received on Friday, 3 May 2002 14:03:59 UTC