[mdx] what to trust
Scott Cantor
cantor.2 at osu.edu
Mon May 4 20:02:47 PDT 2009
Leif Johansson wrote:
> Right now my feeling is that EntityMetadata is associated with 1 or more
> Location (an EntityDescriptor can come from several places) and that a
> Location is associated with 0 or more Authentication instances, i.e trust
> in metadata is dependent on both what is used to establish technical
> trust (eg a signature) aswell as the location from which the metadata
> was obtained.
>
> Does that sound reasonable?
I can see how a Location can be tied to Authentication, but I'm not sure
that model encompasses the signature model today where Authentication
happens independently of the Location.
I tend to think of it solely in terms of Authentication, where that
optionally may depend on a secure notion of Origin Location as a substitute
for a signature.
-- Scott
More information about the mdx
mailing list