Security Considerations


The security limitations of this specification are no more significant than those already identified in Reference 2. In particular, the rules Only What Is Signed Is Secure, Only What Is "Seen" Should Be Signed, and "See" What Is Signed should be applied.

It is recommended that, where certitude of information is important, only the signed information is transmitted or stored-in other words, the PIDF-LO document formed by performing the transform. This ensures that no additional information may be misconstrued as being verifiable. This is particularly applicable if the contents of the PIDF-LO document are displayed on screen.

A degree of trust must exist between the domain authority and the location user. It is the responsibility of the location user to verify the identity of the domain authority and assert the appropriate level of trust. If the location user is unable to validate the identity of the domain authority for any reason, then the PIDF-LO document must be considered unsigned.



IP Location
IP Location
ISBN: 0072263776
EAN: 2147483647
Year: 2004
Pages: 129

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net