- From: Daniel Ruoso <daniel@ruoso.com>
- Date: Tue, 23 Aug 2005 19:22:29 -0300
- To: www-ws-arch@w3.org
- Cc: daniel@ruoso.com
Hi,

After reading the current version of the document, I noticed (and it's actually stated there) that these two questions are not defined. As I'm thinking a lot about all of these things, I'd like to share my view on the matter.

SSL keys, especially X509 keys, are widely used today; indeed, the Brazilian government is adopting this standard as the legal digital signature. As you know, it's possible not just to encrypt (privacy) messages, but also to certify authenticity (security).

I've been thinking that it is possible to build a web-of-trust between the agents in this architecture, allowing, for instance, the agent to sign a temporary key, or even use the key itself to transfer the messages.

The big deal is it won't demand a change in WSDL or SOAP, but the transport will have a way to certify the authenticity of the message before parsing the XML.

Also, when signing a key, you can specify the trust level, in a way you can apply a policy that some resources/services are available only for keys with N "trust points". In this way, an agent running in a secured environment (a data center) would have more "trust points" than an agent running in a desktop computer.

What do you think?

daniel

P.S.: Please include me as CC in all replies, as I'm not subscribed to this list.
Received on Wednesday, 24 August 2005 02:51:37 UTC