- From: Hugo Haas <hugo@w3.org>
- Date: Wed, 18 Sep 2002 19:27:52 +0200
- To: www-ws-arch@w3.org
Hi all. In our task of getting consensus on the requirements document, we didn't address issue 3[1] about the meaning of "identities of communicating parties". AR006.2.1 reads[2]: | + AR006.2.1 The security framework must enable Authentication | for the identities of communicating parties. Danny's email reads[3]: | Requirement AR006.2.1 seeks to provide from authentication for the | identities of communicating parties. The use of the term 'identity' should | be clarified. As written, this requirement could me that the legal name of a | communicating party is to be authenticated, or simply that the identifier, | whether name, email address, IP address, etc. associated with the | communication is authenticated. If the meaning is the former, then it should | be clarified that anonymous and pseudonymous communications must be | supported. If the latter (much simpler from a privacy perspective) then the | scope of this requirement should be narrowed. I think that the latter is intended, but some security experts may disagree. We should try and get consensus on the interpretation, and then maybe reword this requirement to better reflect the intent. Danny proposed to help us with the wording if necessary. Chairs, could we have that on the agenda for this week's teleconference? Thank you. Regards, Hugo 1. http://www.w3.org/2002/ws/arch/2/issues/wsa-issues.html#x3 2. http://www.w3.org/TR/2002/WD-wsa-reqs-20020819#AR006.2.1 3. http://lists.w3.org/Archives/Public/www-wsa-comments/2002Jun/0001.html -- Hugo Haas - W3C mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Wednesday, 18 September 2002 13:32:26 UTC