PICS as CA policy labels
In discussing PICS applications with Jim Miller of W3C, it was suggested that
PICS could be used to supply policy labels for CAs. PICS provides a
machine-readable format to load label definitions and support user
establishment of acceptable policies. The machine-readable rating system
includes text to describe any particular attribute. A good example can be seen
in the Microsoft browser (3.0 alpha?) where sliders can select the acceptable
level of configured labeling schemas.

The PICS machine-readable definition includes human-readable definitions.
This seems like a great improvement over the slow process of object ID
definition. There is no need to hard-code the "meaning" of an identifier; PICS
carries the text and optionally an icon for the label definition.
For example:
((rating-system "http://www.xyz/CARatings/Description/")
 (rating-service "http://www.xyz/v1.0")
 (icon "icons/xyz.gif")
 (name "The XYZ non-Commercial CA Policy")
 (description "The XYZ Council rating of CA assurances is based on only the
               last ten minutes of thought on how CAs might be labeled using PICS.")
 (default (label-only true))
 (category
  (transmit-as "a")
  (name "Authentication")
  (icon "icons/authentication.gif")
  (label
   (name "Anonymous")
   (description "Unique name with no guarantee of identity")
   (value 0) (icon "icons/zero.gif"))
  (label
   (name "Trust Me")
   (description "One form of identification sent by e-mail")
   (value 1) (icon "icons/one.gif"))
  (label
   (name "Seems OK to Someone")
   (description "Two forms of identification presented in person
                 to a notary and send by snail mail to XYZ")
   (value 2) (icon "icons/two.gif"))
  (label
   (name "Good enough for Government Work")
   (description "Two forms of identification presented in person
                 with narcotized letter from some ones mother")
   (value 3) (icon "icons/three.gif"))
  (label
   (name "A1 Super Deluxe Identity Check")
   (description "Blood samples, genetic tests, three identity cards
                 2 normalized testimonials and a public key chip
                 embedded in the brain. Note XYZ corporation is not
                 liable for any mistakes made in the
                 authentication process")
   (value 4) (icon "icons/four.gif")))
 (category
  (transmit-as "k")
  (name "Key Hygiene")
  (icon "icons/key.gif")
  (label
   (name "Promiscuous")
   (description "Private key stored unencrypted in shared file system")
   (value 0) (icon "icons/zero.gif"))
  (label
   (name "None")
   (description "Private key written on note by computer screen")
   (value 1) (icon "icons/one.gif"))
  (label
   (name "Some Protection")
   (description "Encrypted key stored in file")
   (value 2) (icon "icons/two.gif"))
  (label
   (name "Hardware")
   (description "No exposed private keys")
   (value 3) (icon "icons/three.gif"))))
Paul
--------------------------------------------------------------
Paul Lambert Director of Security Products
Oracle Corporation Phone: (415) 506-0370
500 Oracle Parkway, Box 659410 Fax: (415) 413-2963
Redwood Shores, CA 94065 palamber@us.oracle.com
--------------------------------------------------------------
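
Added example, not part of the original message: a small Python sketch of how a client could load a rating-system definition like the one above and test a CA's transmitted ratings against user-chosen minimums (the "slider" settings). The function names, the sample ratings, and the choice to reject a CA that carries no rating for a required category are assumptions made for illustration.

```python
import re
# Constructed sample: the message's rating system, trimmed to names and values.
RAT = '''((rating-system "http://www.xyz/CARatings/Description/")
 (category (transmit-as "a") (name "Authentication")
  (label (name "Anonymous") (value 0))
  (label (name "Trust Me") (value 1))
  (label (name "Seems OK to Someone") (value 2)))
 (category (transmit-as "k") (name "Key Hygiene")
  (label (name "Some Protection") (value 2))
  (label (name "Hardware") (value 3))))'''

def parse(text):
    """Parse one s-expression into nested lists; reject unbalanced parentheses."""
    stack, cur = [], []
    for tok in re.findall(r'[()]|"[^"]*"|[^\s()"]+', text):
        if tok == "(":
            stack.append(cur)
            cur = []
        elif tok == ")":
            if not stack:
                raise ValueError("unbalanced ')'")
            done, cur = cur, stack.pop()
            cur.append(done)
        else:
            cur.append(tok.strip('"'))
    if stack or len(cur) != 1:
        raise ValueError("expected exactly one balanced expression")
    return cur[0]

def load_categories(tree):
    """Map transmit-as code -> (category name, {value: label name})."""
    cats = {}
    for node in (n for n in tree if n[0] == "category"):
        meta = dict(n for n in node[1:] if n[0] != "label")
        labs = [dict(n[1:]) for n in node[1:] if n[0] == "label"]
        cats[meta["transmit-as"]] = (meta["name"], {int(l["value"]): l["name"] for l in labs})
    return cats

def check(cats, ratings, minimums):
    """List why a CA's ratings miss the user's minimums; empty list = acceptable."""
    problems = []
    for code, floor in minimums.items():
        name, labels = cats[code]
        got = ratings.get(code)
        if got not in labels:  # unrated or undefined value: fail closed (assumption)
            problems.append(f"{name}: no defined rating")
        elif got < floor:
            problems.append(f"{name}: '{labels[got]}' is below '{labels[floor]}'")
    return problems
```

Because the definition carries the label names, the rejection reasons can be shown to the user in the rating service's own words rather than as bare numbers.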