[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] SV: Copyrighting schemas, Hailstorm
comments inlined If you don't care reading the whole mail, the answer to the question of whether implementors can claim ownership of means of identification is no, and that it should be public. However, I do have some questions, so I'd really appreciate it if you looked through it. -----Ursprungligt meddelande----- Från: Bullard, Claude L (Len) [mailto:clbullar@i...] Skickat: den 1 juni 2001 21:27 Till: Dimitris Dimitriadis Kopia: XML DEV Ämne: RE: Copyrighting schemas, Hailstorm Ok, but a term for which we have no useful definition does not provide much that is useful. This dips into the philosophy of self and that is irrelevant. [dd] Which it the term for which you have no useful definition? And why would philosophy of the self be irrelevant? Are you absolutely convinced that our discussion has absolutely nothing to do with concepts of the self, of which you are presumably not particularly fond? I take it that it is the very concepts in, among other disciplines, philosphy of self, that by far precede any technical and implementation specific discussion. Identification or assertion of identity is an act and auditing the act is doable. One act asserts identity and another asserts the correctness of the assertion (authentication). In a wide open system, ensuring the actor owns the asserted property is very difficult. That is why the most highly secured systems are in vaults and have no external connections. Protection is commensurate with risk. As individuals risk more, they want and need more protection. Hailstorm is MS trying to both enable more services across more platforms while enabling more protection. The question is does it work? Then who works it? [dd] The question is not if it works. Everything works if properly tweaked. The question is if we want it to work. And in case we do, the answer to your last question is "whoever we allow to work it". Simple as that. And that is where I thought the argumentation took off. Besides, I gave you a perfectly good example of where the kind of information that resides in a computer in a vault ended up on my computer on my desktop in an office (the insurance example). But the original question is if the means is system wide, can they assert ownership of means. [dd] If I have a particular set of identification means (password, voice, retinal scan, fingerprint, what have you) and rest assured that that's enough and they can be forged and used by others, we end up in the pig loving donkey case (only difference being that I have less money and more bills, possibly even a secret lover I didn't know of until then). If, on the other hand, we can come up with alternative means that cannot be forged, we can rest assured that nothing bad will happen. [dd] I don't know if those alternative means can be made secure enough to work in an environment of distributed, fully readable, text based, descriptions of services. This non-forgeable set of means would have to be public, yes, in order for the publically authorized party to play the role of authenticator. So they (the other guys) could not claim ownership, no. [dd] How this would work is a totally different question. Except in the case, of course, where it is made manually by a bunch of employees in a vault somewhere running between computers that are online and computers that are not and press buttons according to whatever info they have on their off line machines to validate incoming transaction requests. But that doesn't sound likely. [dd] So, the question really becomes: Can we think up a series of digital authentication means that are sound enough to use as we would use our ID or passport today? If so, would a company's ownership (or use) of those be hazardous as to the integrity of the person identified using them? In short, SHOULD they have ownership? And that is the question to which my answer is no. It is up to someone else to discuss the technical details of implementing it. /Dimitris
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|