Locate/Validate clarification

Here is some proposed text we can use to clarify the
distinction between a Locate service and a Validate service.
This text can be used to replace the text in Section 3.3.

"	 
 The Locate and Validate operations are similar in that they can both 
 be used by a client to offload certificate processing to a web service.
 However, they differ in three fundamental ways: the number of tasks 
 that the operation is expected to perform, the amount of trust delegated
 to the operation, and the number of outputs returned from the
 operation.

 The Validate operation can be used by clients that wish to outsource
 both certificate path discovery and certificate path validation.
 Since validation is being outsourced, the client must heavily trust 
 the web service that performs the Validate operation. Furthermore,
 the client has no need to acquire any of the relevant data (such
 as certificates or CRLs) since the client is not performing a
 local validation.

 The Locate operation can be used by clients that wish to outsource only
 certificate path discovery. In this case, the client must trust the
 web service that performs the Locate operation to the same degree that
 it would trust a repository. Since the client wishes to do the 
 certificate validation themselves, the client requires that all 
 the relevant data (such as certificates and CRLs) be returned by the
 operation. 
"

Regards,
Yassir.

Received on Monday, 23 September 2002 10:43:36 UTC