RE: transaction specific policies from Daniel Ash on 2002-08-20 (www-xkms@w3.org from August 2002)

From: Daniel Ash <Daniel.Ash@identrus.com>
Date: Tue, 20 Aug 2002 10:27:52 -0400
To: "'stephen.farrell@baltimore.ie'" <stephen.farrell@baltimore.ie>
Cc: "'www-xkms@w3.org '" <www-xkms@w3.org>
Message-ID: <2B55DABB95C4D4119C1300508BD953F1A1AAED@BLUE01>

Stephen,

I'd prefer one option as well.  It seems that useWith wasn't intended for
this kind of use.  

The service URL seems to work, however, in an environment like Identrus,
where a validation requests is handed from one trusted third party to
another, the policy binding is far more manageable as part of the message
itself, rather than implicit through the service URL.

The way policy is managed within Identrus and other financial industry
activities, there's a need to bind policy to both a key and to a
transaction.  key policy is always associated with a key.  transaction with
a specific type of transaction.  I'm not sure how to bind either in XKISS.  

this seems most important if XKISS is allow third parties to manage policy
bindings instead of the user.  a user may only have one application, while a
third party may manage hundreds. 

-dan

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
Sent: Tuesday, August 20, 2002 10:14 AM
To: Daniel Ash
Cc: 'www-xkms@w3.org '
Subject: Re: transaction specific policies

> Daniel Ash wrote:
> 
> I'm trying to understand the best way to use XKISS in a particular
scenario.  one which is likely
> to be very common in the financial community.
> 
> The same key is used for multiple transaction-specific policies.  an
example of this type of
> policy is the European Signature policy.  liability models will vary from
one such policy to
> another.  considering the same key is used, the trusted third party must
me able to monitor
> liability exposure in order effectively manage risks associated with the
particular transaction
> type/policy.  It also would need to make the statement: "this key is
valid/invalid for this type
> of transaction".
> 
> The options I'm aware of are:
> 1.)  use a different XKISS service URL for each transaction type.
> 2.)  extend the useWith element with custom transaction types.

I'd generally try go for #1, but this is an implementation issue.

> are there more options?  which is the most appropriate?

I don't see why we want more options.

Stephen.

> 
> -dan
> Identrus

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

Received on Tuesday, 20 August 2002 10:28:01 UTC