OASIS Mailing List Archives



   Re: [xml-dev] Using RDDL as a Distributed Registry Architecture


Rich Salz wrote:
>>I certainly would not accept such an authority. I'd prefer distributed
>>metadata bundled with the subject resources.
> The problem is trust, from a security/crypto viewpoint.  If you have a
> distributed directory (which, I agree, is basically what you want),

He said distributed metadata. You said distributed directory. I'm not 
sure if you're talking about the same thing. A WSDL or RDF file on my 
server is distributed metadata but it isn't a distributed directory.

> handling trust becomes difficult.

Many people feel otherwise. They feel that the centralization degrades 
security because it erects a single point to attack and introduces a 
third-party into transactions that would otherwise only involve two.

They also feel that DNS is bad because it is a *centralized* directory:

"The insecure names trap:

1. Assume that you need arbitrary keys including non-self-authenticating 
2. Think about the problem of crossing trust boundaries, and solve by 
delegating to a "trusted third party".

3. Forever after you will be vulnerable to 
MicrosoftNSIVerisignICANNUSGovInc. and anyone (including their 
employees) who can subvert one of their servers. When this bloated 
monopoly screws something up, your system will pay the price for their 
incompetence. You will not be able to choose a different name authority, 
because everyone else will also be tied to the central monopoly and you 
will need their service in order to interoperate with the world. (Does 
this scenario sound familiar to any sysadmins out there?) In addition, 
they will charge you a tax on every packet for the privilege of 
continued service."


I guess it depends on what you mean by "trust". And that in turn depends 
on the problem domain.

  Paul Prescod



Copyright 2001 XML.org. This site is hosted by OASIS