[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [PartyId "type" negotiation]
Krishna Sankar said "In normal circumstances, the content would be signed by the Submitting Organization and the registry would keep the documents with the signature. When one receives a document from the registry, one can determine if one wants to trust the document based on the SO's signature." Yes, that satisfies me (I think). I made a slight misstep earlier when I said "the CPA is signed by somebody I trust (the Comptroller of the Currency, maybe?)." Actually, I will trust my Bank's signature of the CPA, assuming I trust its certificate - which is a whole different matter independent of the CPA, CPP or the registry. So where's the problem? In summary, I find the CPA based on a match on any one of a number of <partyId> entries, validate the found CPA's signature, and proceed from there. Again, there's no need to "validate" the <partyId> by Type - I don't have to go to the ABA for Routing numbers, or Dun & Bradstreet for DUNS numbers, or the NMFTA for SCACs. I usually have an ID in hand before I even went "shopping" for the CPA in the registry. I agree with Krishna that I don't need "full and implicit trust on a Registry." But I do need to trust all information I find in the registries, and hence it all must be signed. There's no information I'm willing to send into a rat hole I can't trust, nor am I willing to enter into a CPA with anyone for whom I can't validate their CPP. William J. Kammerer FORESIGHT Corp. 4950 Blazer Pkwy. Dublin, OH USA 43017-3305 +1 614 791-1600 Visit FORESIGHT Corp. at http://www.foresightcorp.com/ "accelerating time-to-trade"
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC