[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Response to your comment
Pine,
Thanks for your clarification on the authentication.
Yes, in the Web Service security world, the word “credential” is used for
authentication. The service, base on the credential presented in SOAP
header, makes the authentication decision for each request message. In
EERP, the rating of a service is to show the credibility of a service from
a given service provider. When there are many service providers who
provide same type of the service, the rating of the service will tell which
provider is better than other services by how many credentials are present
by each service provider.
We will modify the EERP Rating spec for this clarification, and add some
text like this: “Credentials may be issued with respect to a service
provider and service by organizations regulating the service such as
licenses, permissions, certifications, awards, associations, and
affiliations. This is not the credential for authentication in the security
term. Instead, they are credentials that the service provider wishes to
shown its credibility for providing the service.”
The rating service is provided by a rating service provider. For the same
type of services, the rating service provider will give a rating number for
each service provider for the service that it provides. Rating service
provider is a special business which rates the services for each service
providers and provides the results to the interested party.
Best regards,
Andy Lee,
SOA-EERP TC Co-chair
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]