Re: Issue 3: What does "identities of communicating parties" mean (AR006.2.1)?

* Ahmed, Zahid <> [2002-09-18 14:15-0700]
> To literally answer the question posed in the subject of this
> e-mail thread, it seems that:
> Participating web services may need to verify the identities 
> of multiple participants involved in a web service activity or in 
> a SOAP message exchange. Participants may be applications, 
> individuals, organizations, and possibly intermediaries. Such
> participants may need to be identified using a range of identity 
> tokens with differing levels of security and issuing authorities.
> Somme examples of identity tokens are: username/password token, 
> binary token, X.509 cert, SAML assertion token, etc.

* Hal Lockhart <> [2002-09-23 14:05-0400]
> I agree with Danny that the terminology is a mess. There should be no
> implication that a real world name MUST be included. 
> I agree with Zahid. Some examples participants are: Requester, Intermediary,
> Receipent, Codebase.

So, trying to come to a resolution here, would the following rewording
address the issue:

  AR006.2.1 The security framework must enable Authentication of the
            parties participating to an exchange.

I removed the term "identity" which seems to be the one causing



Hugo Haas - W3C -

Received on Thursday, 26 September 2002 10:58:01 UTC