- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Mon, 3 Feb 2003 08:20:09 -0800
- To: "Www-Xkms (E-mail)" <www-xkms@w3.org>
- Message-ID: <CE541259607DE94CA2A23816FB49F4A3F70298@vhqpostal6.verisign.com>
1. Changed all the .test examples to example.com

2. Using Locate and Validate

I think the problem here was that the text gave an example that was perhaps too specific. So I have removed the diagram and reworded extensively, taking into account the issues raised by Joseph.

The new text does not mention a specific example; I think the PGP example proposed by Joseph would have led to the same type of issues that the S/MIME example did. Instead we note that Validate is intrinsically narrower in the audience it serves; in particular, it only provides value to clients that trust it. Clients that don't trust it should be using Locate, since the Validate service might well apply the wrong validation criteria.

Using Locate and Validate

The Locate and Validate operations are both used to obtain information about a public key from an XKMS Service. Locate and Validate services are both expected to attempt to provide correct information to the requestor.

The Locate and Validate services differ in the extent to which the service vouches for the trustworthiness of the information returned.

A Location service SHOULD attempt to provide only information which is trustworthy to the best of its knowledge but does not provide any assurance that it will do so. Information obtained from a Locate service SHOULD NOT be relied upon unless it is validated. Validation may be achieved by forwarding the data to a Validate service or by performing the necessary trust path verification locally.

A Validation service undertakes to only return information which has been positively validated by the XKMS Service as meeting specific validation criteria. A client MAY rely on the information returned by the service without further validation provided that the client has a means to determine that the information returned is authentic and is assured that the trust service applied the means of validation appropriate to the circumstances.

No single set of validation criteria is appropriate to every circumstance. Applications involving financial transactions are likely to require the application of very specific validation criteria that ensure that certain contractual and/or regulatory policies are enforced.

The Locate service provides a key discovery function that is neutral with respect to the validation criteria that the client application may apply. The Validate service provides a key discovery and validation function that produces results which are each specific to a single set of validation criteria.

Received on Monday, 3 February 2003 11:20:11 UTC