[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm] Identity
The essentials are authentication - I have confidence I know who you are authorization - I know who you are and I am authorize to request things of you and/or you are authorized to requests things of me integrity - other communications are not being tampered non-repudiation - neither one of us could later say this exchange did not occur Identity is a part of this but is not sufficient on its own. Also, it is not one way because there is often a need for reciprocity. Ken On May 10, 2005, at 11:17 AM, Duane Nickull wrote: > What about from the Service providers point of view? I definitely > think that identifying service consumers is not required in all cases, > however service providers have some form of implied identity. > > The expedia example however does raise the question of would you use > the site to book a trip if you could not identify it was Expedia's > site? If just before you were going to give them your credit card, it > jumped to a different domain name? Identity is implied by the URL > resolution process, which in itself places a great deal of security > requirements on the entire DNS process. > > I am not thinking so much in terms of a service consumer as I am the > service provider. Ajay made the point in his presentation that it > would be mandatory to be able to ascertain to some degree that the > service you are going to use is the one you want to use. > > I would at least like to mention it in the RM as an aspect (perhaps > just in passing). To me, the Service description is probably where a > service provider could make a statement of claim regarding their > identity and perhaps supply a token, even as simple as a URI, to > provide proof. > > anyone else? > > Duane > > -- > *********** > Senior Standards Strategist - Adobe Systems, Inc. - > http://www.adobe.com > Chair - OASIS Service Oriented Architecture Reference Model Technical > Committee - > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm > Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/ > Adobe Enterprise Developer Resources - > http://www.adobe.com/enterprise/developer/main.html > *********** > > ------------------------------------------------------------------------ ------------------ Ken Laskey MITRE Corporation, M/S H305 phone: 703-983-7934 7515 Colshire Drive fax: 703-983-1379 McLean VA 22102-7508 *** note change of phone extension from 883 to 983 effective 4/15/2005 ***
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]