OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [soa-rm] Identity

The essentials are

authentication - I have confidence I know who you are
authorization - I know who you are and I am authorize to request things  
of you and/or you are authorized to requests things of me
integrity - other communications are not being tampered
non-repudiation - neither one of us could later say this exchange did  
not occur

Identity is a part of this but is not sufficient on its own.  Also, it  
is not one way because there is often a need for reciprocity.

Ken

On May 10, 2005, at 11:17 AM, Duane Nickull wrote:

> What about from the Service providers point of view?  I definitely  
> think that identifying service consumers is not required in all cases,  
> however service providers have some form of implied identity.
>
> The expedia example however does raise the question of would you use  
> the site to book a trip if you could not identify it was Expedia's  
> site? If just before you were going to give them your credit card, it  
> jumped to a different domain name?   Identity is implied by the URL  
> resolution process, which in itself places a great deal of security  
> requirements on the entire DNS process.
>
> I am not thinking so much in terms of a service consumer as I am the  
> service provider.  Ajay made the point in his presentation that it  
> would be mandatory to be able to ascertain to some degree that the  
> service you are going to use is the one you want to use.
>
> I would at least like to mention it in the RM as an aspect (perhaps  
> just in passing).  To me, the Service description is probably where a  
> service provider could make a statement of claim regarding their  
> identity and perhaps supply a token, even as simple as a URI, to  
> provide proof.
>
> anyone else?
>
> Duane
>
> --  
> ***********
> Senior Standards Strategist - Adobe Systems, Inc. -  
> http://www.adobe.com
> Chair - OASIS Service Oriented Architecture Reference Model Technical  
> Committee -  
> http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm
> Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/
> Adobe Enterprise Developer Resources  -  
> http://www.adobe.com/enterprise/developer/main.html
> ***********
>
>
------------------------------------------------------------------------ 
------------------
Ken Laskey
MITRE Corporation, M/S H305     phone:  703-983-7934
7515 Colshire Drive                        fax:        703-983-1379
McLean VA 22102-7508

*** note change of phone extension from 883 to 983 effective 4/15/2005  
***

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]