[131] in WWW Security List Archive
Security, IETF Working Group, electronic payment etc.
daemon@ATHENA.MIT.EDU (Vijay Varadharajan)
Tue Sep 27 10:42:58 1994
From: Vijay Varadharajan <vv@hplb.hpl.hp.com>
To: www-buyinfo@allegra.att.com, www-security@ns1.rutgers.edu
Date: Tue, 27 Sep 94 12:12:01 BST
Cc: vv@hplb.hpl.hp.com
Reply-To: Vijay Varadharajan <vv@hplb.hpl.hp.com>
I have been a member of the www-security and www-buyinfo group
for sometime now, and I see a number of ideas and problems
being talked about. I have been in the area of security for
quite sometime now, and I see there is overlap and applicability
of solutions that have been previously thought about relevant here.
Of course for any security, the starting point
is always the the threats and attacks that one is likely
to encounter in an environment, and perhaps more importantly
out of this perceived set of threats what are those for
which we need countermeasures. In other words, which of the
ones that we need to address - commercially - which is important
for businesses.
I feel that it is important for the community (www, commerce, security)
to address the problems in securing electronic business
over internet in a systematic and thorough way - avoiding proprietary
and may be piecewise manner. In this context, I would very much
like to encourage the setting up of a working group addressing
the key issues : in particular, what do we need in the area
of electronic commerce security requirements, security mechanisms required,
schemes for electronic charging and payment. In fact the key thing is
that these schemes should be able to cater for and simulate current
commercial practices.
With respect to doing business electronically in a secure way, the
issues of distributed authentication and authorization
play a key role. In particular, who has the security (authentication,
authorization) information, who can verify what, and who can decide
anbd enforce what. This leads to what types of disputes that can be
addressed by the schemes.
My expertise is in the area of security for distributed systems and
applications, and my current interest is in the charging and payment
for electronic transactions over wide area networks. I strongly support
the formation of a subgroup (IETF ?) to address some of these issues.
Vijay Varadharajan
----------------------------------------------------------------------
Vijay Varadharajan email : vv@hplb.hpl.hp.com
Project Manager
Distributed System Security Group
Hewlett-Packard Labs., U.K.
-----------------------------------------------------------------------
