- From: Hugo Haas <hugo@w3.org>
- Date: Thu, 26 Sep 2002 16:57:19 +0200
- To: www-ws-arch@w3.org
* Ahmed, Zahid <zahid.ahmed@commerceone.com> [2002-09-18 14:15-0700]
> To literally answer the question posed in the subject of this
> e-mail thread, it seems that:
>
> Participating web services may need to verify the identities
> of multiple participants involved in a web service activity or in
> a SOAP message exchange. Participants may be applications,
> individuals, organizations, and possibly intermediaries. Such
> participants may need to be identified using a range of identity
> tokens with differing levels of security and issuing authorities.
>
> Somme examples of identity tokens are: username/password token,
> binary token, X.509 cert, SAML assertion token, etc.
[..]
* Hal Lockhart <hal.lockhart@entegrity.com> [2002-09-23 14:05-0400]
> I agree with Danny that the terminology is a mess. There should be no
> implication that a real world name MUST be included.
>
> I agree with Zahid. Some examples participants are: Requester, Intermediary,
> Receipent, Codebase.
So, trying to come to a resolution here, would the following rewording
address the issue:
AR006.2.1 The security framework must enable Authentication of the
parties participating to an exchange.
I removed the term "identity" which seems to be the one causing
problems.
Regards,
Hugo
--
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Thursday, 26 September 2002 10:58:01 UTC