Way to tell if it is an XO
Michael Stone
michael at laptop.org
Wed Dec 10 13:26:17 EST 2008
On Wed, Dec 10, 2008 at 09:56:39AM -0200, Marcel Renaud wrote:
>Thanks a lot for your answers.
>
>Yes, I think a shared credentials are the best way.
>
>Basically we want to offer a service just for the Xos and are working now on
>the authentication model.
>We are going to use webservices with
>WSS<http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss>
>and place a signed key on each XO that is going to use the service, to
>authenticate with the webservice provider.
Marcel,
Is it important to keep the credential(s) secret? If so:
* why?
* for how long?
* against what attack(s)?
* how?
* if (when) they leak, what next?
Also, what are the incentives for keeping the credentials secret? for
publishing them?
Regards,
Michael
More information about the Devel
mailing list