- From: Stephen Farrell <stephen.farrell@baltimore.ie>
- Date: Wed, 21 Aug 2002 11:15:59 +0100
- To: reagle@w3.org
- CC: Daniel Ash <Daniel.Ash@identrus.com>, "'www-xkms@w3.org '" <www-xkms@w3.org>
From memory, don't we have the service URL in the request and (perhaps munged) in the response already (for security reasons)? So isn't that enough of a policy identifier? If you say "yes", I'm happy. This does mean though that there's no way that a client could indicate (in a standard fashion) things like the transaction amount to the server. I think that's the right approach, but want to be sure we're clear. (The reason I'm going on about this is that I've seen projects where the most unbelieveable stuff was being passed about using OCSP, which for a PKI product vendor, is a PITA;-) Stephen. Joseph Reagle wrote: > > On Tuesday 20 August 2002 02:11 pm, Daniel Ash wrote: > > i would suggest for xkms to say less (nothing) about the format and > > meaning of a policy than x509. maintain the ability to bind policy to a > > key (for PKIs that don't use certificates). and to add the capability to > > bind policy to a transaction (cert or certless PKIs). identifiers only. > > I agree. Presently it is ambigous as to what the meaning of a validation > means, and if there is an identifier associated with the transaction it is > no longer ambigous -- even if the definition itself is out of scope. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com
Received on Wednesday, 21 August 2002 06:16:07 UTC