[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm] Identity
This is a tiny hole on top of a vast underground cavern: just because the hole in the ground is small does not mean that the cavern is also tiny. A url is a bag of bits; it is not an appropriate tool to carry the multifarious concept of identity. You cannot separate identity from context -- what is being resolved by the identity. E.g., a URL might be sufficient to know that the site represents the Expedia company. However, you would probably not accept such a token if they were using it to buy something from you -- you would want something that a bank would understand. Interestingly, it is the context -- CC transaction or http request -- that defines what is meant by identity. This generalizes all the way to people's names and even what it means to be human. There is a ton of stuff more to be said on this ... Frank On May 10, 2005, at 8:17 AM, Duane Nickull wrote: > What about from the Service providers point of view? I definitely > think that identifying service consumers is not required in all > cases, however service providers have some form of implied identity. > > The expedia example however does raise the question of would you > use the site to book a trip if you could not identify it was > Expedia's site? If just before you were going to give them your > credit card, it jumped to a different domain name? Identity is > implied by the URL resolution process, which in itself places a > great deal of security requirements on the entire DNS process. > > I am not thinking so much in terms of a service consumer as I am > the service provider. Ajay made the point in his presentation that > it would be mandatory to be able to ascertain to some degree that > the service you are going to use is the one you want to use. > > I would at least like to mention it in the RM as an aspect (perhaps > just in passing). To me, the Service description is probably where > a service provider could make a statement of claim regarding their > identity and perhaps supply a token, even as simple as a URI, to > provide proof. > > anyone else? > > Duane > > -- > *********** > Senior Standards Strategist - Adobe Systems, Inc. - http:// > www.adobe.com > Chair - OASIS Service Oriented Architecture Reference Model > Technical Committee - http://www.oasis-open.org/committees/ > tc_home.php?wg_abbrev=soa-rm > Vice Chair - UN/CEFACT Bureau Plenary - http://www.unece.org/cefact/ > Adobe Enterprise Developer Resources - http://www.adobe.com/ > enterprise/developer/main.html > *********** > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]