>>> * Section 3.9 >>> >>> I am not sure I understand the following text >>> >>> "The utility company may wish to >>> grant access only to authorized devices; for example, a consortium of >>> utility companies and device manufacturers may certify devices to >>> connect to power networks." >>> >>> What does the word certify mean here? I have always understood it to >>> mean testing compliance to certain requirements rather than verification >>> of identity. Can you please clarify? >> >> In this case it would be exactly as you say - testing compliance to certain >> requirements. In the case of utility networks, it might mean that a >> particular device has the "usual" power certifications about how it uses >> electricity, but also certification around its "smartness" - what identity >> technologies it supports, what levels of assurance it can comply with around >> identity assertion, etc. > > Great. In that case, it would be good to change the word "authorized" to > "certified" as it conveys the meaning accurately.
Hi Suresh, Apologies for the absurdly long time it's taken for me to reply. I'm just updating the draft now with everyone's final suggestions/comments. In this case, I actually think "authorised" is a more accurate word that "certified". You are entirely correct that it is certification that is important, however, this certification would be checked at run time through a process of authorisation. So utility companies would indeed grant access to authorised devices, where a major component of the authorisation policy might specific a set of specific certifications... Rhys. -- Dr Rhys Smith Identity, Access, and Middleware Specialist Cardiff University & Janet - the UK's research and education network email: [email protected] / [email protected] GPG: 0xDE2F024C _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
