
PICS as CA policy labels




 
 
 
In discussing PICS applications with Jim Miller of W3C, it was suggested that 
PICS could be used to supply policy labels for CAs.  PICS provides a machine 
readable format to load label definitions and support user establishment of 
acceptable policies.   The machine readable rating system includes text to 
describe any particular attribute.  A good example can be seen in the 
Microsoft browser (3.0 alpha?) where sliders can select the acceptable level 
of configured labeling schemas. 
 
The PICS machine readable definition includes human readable definitions.  
This seems like a great improvement over the slow process of object ID 
definition.  There is no need to hard code the "meaning" of an identifier; PICS 
carries the text and optionally an icon for the label definition. 
 
For example: 
 
((rating-system "http://www.xyz/CARatings/Description/") 
 (rating-service "http://www.xyz/v1.0") 
 (icon "icons/xyz.gif") 
 (name "The XYZ non-Commercial CA Policy") 
 (description "The XYZ Council rating of CA assurances is based on only the 
last ten minutes of thought on how CAs might be labeled using PICS.") 
 (default (label-only true)) 
 (category  
  (transmit-as "a") 
  (name "Authentication") 
  (icon "icons/authentication.gif") 
  (label 
   (name "Anonymous") 
   (description "Unique name with no guarantee of identity") 
   (value 0) (icon "icons/zero.gif")) 
  (label 
   (name "Trust Me") 
   (description "One form of identification sent by e-mail") 
   (value 1) (icon "icons/one.gif")) 
  (label 
   (name "Seems OK to Someone") 
   (description "Two forms of identification presented in person 
                  to a notary and send by snail mail to XYZ") 
   (value 2) (icon "icons/two.gif")) 
  (label 
   (name "Good enough for Government Work") 
   (description "Two forms of identification presented in person 
                  with narcotized letter from some ones mother") 
   (value 3) (icon "icons/three.gif")) 
  (label 
   (name "A1 Super Deluxe Identity Check") 
   (description "Blood samples, genetic tests, three identity cards 
                  2 normalized testimonials and a public key chip 
                  embedded in the brain.  Note XYZ corporation is not 
                  liable for any mistakes made in the 
                  authentication process") 
   (value 4) (icon "icons/four.gif"))) 
 
 (category  
  (transmit-as "k") 
  (name "Key Hygiene") 
  (icon "icons/key.gif") 
  (label 
   (name "Promiscuous") 
   (description "Private key stored unencrypted in shared file system") 
   (value 0) (icon "icons/zero.gif")) 
  (label 
   (name "None") 
   (description "Private key written on note by computer screen") 
   (value 1) (icon "icons/one.gif")) 
  (label 
   (name "Some Protection") 
   (description "Encrypted key stored in file") 
   (value 2) (icon "icons/two.gif")) 
  (label 
   (name "Hardware") 
   (description "No exposed private keys") 
   (value 3) (icon "icons/three.gif")))) 
 
 
 
Paul 
 
 
-------------------------------------------------------------- 
Paul Lambert                     Director of Security Products 
Oracle Corporation                       Phone: (415) 506-0370 
500 Oracle Parkway, Box 659410             Fax: (415) 413-2963 
Redwood Shores, CA  94065               palamber@us.oracle.com 
-------------------------------------------------------------- 
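
Added example, not part of the original message: a Python sketch that parses a rating-system description in the format shown above and checks a CA's ratings against user-chosen minimum levels (the "slider" policy the message describes). The excerpt is constructed from the sample; the function names and the dict form of a CA's ratings are assumptions, not anything defined by PICS.

```python
import re
# Constructed, trimmed excerpt of the rating-system description in the message.
SAMPLE = '''((rating-system "http://www.xyz/CARatings/Description/")
 (category (transmit-as "a") (name "Authentication")
  (label (name "Trust Me") (value 1))
  (label (name "Seems OK to Someone") (value 2)))
 (category (transmit-as "k") (name "Key Hygiene")
  (label (name "Some Protection") (value 2))
  (label (name "Hardware") (value 3))))'''
TOKEN = re.compile(r'"([^"]*)"|([()])|([^\s()"]+)')

def parse(text):
    """Parse an S-expression into nested lists of strings."""
    stack = [[]]
    for quoted, paren, atom in TOKEN.findall(text):
        if paren == "(":
            stack.append([])
        elif paren == ")":
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())  # close the list, attach to its parent
        else:
            stack[-1].append(quoted or atom)
    if len(stack) != 1 or not stack[0]:
        raise ValueError("unbalanced '(' or empty input")
    return stack[0][0]

def field(node, key):  # first argument of the (key ...) child, or None
    return next((c[1] for c in node if isinstance(c, list) and c and c[0] == key), None)

def load_categories(text):
    """Map transmit-as letter -> (category name, {value: label name})."""
    cats = {}
    for node in parse(text):
        if node[0] == "category":
            labels = {int(field(l, "value")): field(l, "name")
                      for l in node if isinstance(l, list) and l[0] == "label"}
            cats[field(node, "transmit-as")] = (field(node, "name"), labels)
    return cats

def evaluate(cats, ca_ratings, minimums):  # failure reasons; [] means accept
    failures = []
    for key, floor in minimums.items():
        name, labels = cats[key]
        got = ca_ratings.get(key)
        if got not in labels:  # missing or undefined value: fail closed
            failures.append(f"{name}: no valid rating")
        elif got < floor:
            failures.append(f"{name}: '{labels[got]}' is below level {floor}")
    return failures
```

A CA that carries no rating for a category the user constrains, or a value the rating system does not define, is rejected rather than treated as level 0.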
  


