[mdx] what to trust
Leif Johansson
leifj at mnt.se
Tue May 5 02:16:28 PDT 2009
On Tuesday 05 May 2009 05:02:47 am Scott Cantor wrote:
> Leif Johansson wrote:
> > Right now my feeling is that EntityMetadata is associated with 1 or more
> > Location (an EntityDescriptor can come from several places) and that a
> > Location is associated with 0 or more Authentication instances, i.e trust
> > in metadata is dependent on both what is used to establish technical
> > trust (eg a signature) aswell as the location from which the metadata
> > was obtained.
> >
> > Does that sound reasonable?
>
> I can see how a Location can be tied to Authentication, but I'm not sure
> that model encompasses the signature model today where Authentication
> happens independently of the Location.
>
> I tend to think of it solely in terms of Authentication, where that
> optionally may depend on a secure notion of Origin Location as a substitute
> for a signature.
>
> -- Scott
Yes I see your point. I guess there are authentication tied to location (eg a
"proof of posestion of the domain" and to content - a signature). I'll have
to think about how to model that.
Cheers Leif
More information about the mdx
mailing list