Re: requirements - 4-corner wording from Stephen Farrell on 2002-01-25 (www-xkms@w3.org from January 2002)

From: Stephen Farrell <stephen.farrell@baltimore.ie>
Date: Fri, 25 Jan 2002 09:48:53 +0000
To: Daniel Ash <Daniel.Ash@identrus.com>
CC: "'Rich Salz'" <rsalz@zolera.com>, hirsch@zolera.com, www-xkms@w3.org
Message-ID: <3C512A05.A998E009@baltimore.ie>

Since we're after "xkms MUST NOT preclude..." type language, I don't
think its crucial that we develop an exactly right definition of 
4-corner models, so I'd be ok with Frederick's suggested wording.

The only addition I'd suggest is to note that this stuff mostly 
applies at run-time and not at registration-time (i.e. its locates
and validates that need to be proxied/whatever). This could take
the form of a statement that 4-cornered registration is NOT
REQUIRED I guess.

Regards,
Stephen.

> Daniel Ash wrote:
> 
> The only distinguishing factor of the 4-corner is the "peerwise trust relationship", which is
> certainly out-of-scope for XKMS... which leaves us with an environment that supports referrals
> (even less Identrus-y).  Without referrals it will be more difficult to separate complicated trust
> models (cross-certification, bridges.. etc) from the trust relationship between client and
> service.  This separation, I think, is tantamount in shielding end entities from more complexity
> than necessary.
> 
> Other trust infrastructures could benefit, as much as Identrus could, from a referral mechanism
> (I'm not quite sure what the difference is between referrals and server chaining).  Does anyone
> else agree that a referrals (or server chaining) requirement should replace the 4-corner
> requirement?
> 
> -dan
> 
> > -----Original Message-----
> > From: Rich Salz [mailto:rsalz@zolera.com]
> > Sent: Thursday, January 24, 2002 1:02 PM
> > To: hirsch@zolera.com
> > Cc: www-xkms@w3.org
> > Subject: Re: requirements - 4-corner wording
> >
> >
> > How about making the definition less Identrus-y?
> >
> > 4-corner model
> > A processing and/or trust environment where end-entities
> > interact with a
> > single trusted point of contact, and each such contact has a peerwise
> > trust relationship with all other contacts.
> >       /r$
> > --
> > Zolera Systems, http://www.zolera.com
> > Information Integrity, XML Security
> >

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

Received on Friday, 25 January 2002 06:40:08 UTC