On 30/1/09 13:24, Denis McCarthy wrote:
> Hi Anders,
> I think this gets to the nub of the point at issue. Our customers often have several stores. We do not want our X509 certificates to be 'per user' because what is critical for us is in which *store* the transaction
Oh, I see! You have an application in mind and you think that X.509 will help you build an application? Sorry, slight problem there. X.509 is a public key system built to a particular security model. Transactions are something else, they are a business application, with very particular and specialised needs. Using X.509 to do transactions is like using a shovel to build a skyscraper. Yes, there are shovels on building sites, but there are so many scale and scope problems that it's a non-starter as a conversation.
Or, to put it another way, your earlier intuition was closer: X.509 is a user concept, not a transaction concept.
> was executed in (what user performed the transaction is of secondary importance - we want to ensure the user is authenticated (which we do with usernames and passwords), but the store information is paramount).
Why doesn't the transaction record what store it was conducted in?

iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto