VOEvent 1.1 new draft with STC elaboration
Alasdair Allan
aa at astro.ex.ac.uk
Mon May 8 09:34:37 PDT 2006
Rob Seaman wrote:
> Steve Allen wrote:
>> Is there any desire to add W3C Signature elements for authentication?
>
> Short answer is yes (although that doesn't equate to consensus on
> the details).
The longer answer is "yes, definitely"...
However I want to see more than an hack to the VOEvent spec before we
consider W3C Signature, as the XML-Signature specification doesn't
yet seem to be widely implemented I want to have some working
examples of signing and verifying an event message. Firstly to see
what'll does to the actual message (not the schema), and secondly to
have a working prototype around.
So, do you have any working code at this point? Even something very,
very, rough and ready would be of interest. Or examples of "signed"
VOEvent messages?
> I'm convinced that rigorous document authentication will be
> required once VOEvent reaches a certain maturity level. (I'm
> becoming more convinced, in fact, that we'll find we need something
> more than a private network is needed to preserve privacy.)
Remember authorisation and authentication are very different beasts.
I think authentication will turn out to be a VOEvent problem, but
authorisation will remain a transport layer problem... and I don't
really think the transport layer is our problem, interesting and we
should keep up to date with how VOEvent is being used. But transport
isn't the VOEvent WG problem...
Al.
More information about the voevent
mailing list