- From: David Cross <dcross@microsoft.com>
- Date: Mon, 23 Sep 2002 08:43:34 -0700
- To: <Yassir.Elley@Sun.COM>, <www-xkms@w3.org>

Looks good. Possible suggestion for the Locate text - the client may only want the EE cert or key:

"The Locate operation can be used by clients that wish to outsource only public key, certificate or certificate path discovery."

Regards,
David B. Cross

-----Original Message-----
From: yassir elley [mailto:yassir.elley@Sun.COM]
Sent: Monday, September 23, 2002 7:43 AM
To: www-xkms@w3.org
Subject: Locate/Validate clarification

Here is some proposed text we can use to clarify the distinction between a Locate service and a Validate service. This text can be used to replace the text in Section 3.3.

"
The Locate and Validate operations are similar in that they can both be used by a client to offload certificate processing to a web service. However, they differ in three fundamental ways: the number of tasks that the operation is expected to perform, the amount of trust delegated to the operation, and the number of outputs returned from the operation.

The Validate operation can be used by clients that wish to outsource both certificate path discovery and certificate path validation. Since validation is being outsourced, the client must heavily trust the web service that performs the Validate operation. Furthermore, the client has no need to acquire any of the relevant data (such as certificates or CRLs) since the client is not performing a local validation.

The Locate operation can be used by clients that wish to outsource only certificate path discovery. In this case, the client must trust the web service that performs the Locate operation to the same degree that it would trust a repository. Since the client wishes to do the certificate validation themselves, the client requires that all the relevant data (such as certificates and CRLs) be returned by the operation.
"

Regards,
Yassir.

Received on Monday, 23 September 2002 11:44:10 UTC