> If you were providing access to a clinical system via Web
> technologies then I think SSL (with other application-level
> security protection on top) would be a minimum starting
> requirement

I don't think SSL is an appropriate mechanism. You may be able to
fix the integrity concerns by having every web page (and every
request for one) digitally signed, but then you have to implement a
signature mechanism either in the browser or in a proxy client. Given
that the popular browsers are supplied object code only and that
their security interfaces are very difficult to work with, you end up
with a proxy. Given that, you might as well encrypt in the proxy too
and free yourself of the SSL overhead.

SSL was originally designed so that electronic shoppers could get
their credit card numbers and expiry dates to a merchant web site,
encrypted using a public key supplied by the server and certified by
Netscape. However web clients aren't authenticated so you can't do
access control in any rigorous way.

VISA/MasterCard/Microsoft didn't like SSL and so they designed SET,
with which web-based credit card transactions must conform from early
next year. So the business case for SSL has fallen away. Hopefully it
will be replaced with something better.

> Now if someone had cleverly tampered with the cached page in the
> proxy

That may well be what had heppened with the crypto company I
mentioned. I don't know and it's unlikely they'll tell me - if they
ever find out!

> not so sure your example, though clearly a worry and requiring
> protecting against, is a show-stopper for my Web/interactive
> paradigm.

What may be is the new proposal by UK ISPs that they will escape
legislation about porn on the net by adopting a voluntary scheme (i.e.
coercing it on their customers). Under this, all web pages will have to
have a `rating', something akin to a cinema rating (Al-Hackem's will be
XXX for sure!).

To get this, your web pages will have to be submitted to an agency in
America that claims IPR over this crazy idea, and in return for a fee
they will issue the page with an official mark. The mark will
intially be protected by trademark law (the bit string you need to
include contains their trademark) and later by digital signatures.

The idea is that future versions of Microsoft's and Netscape's
browsers won't show pages without the authorised mark. Using it,
parents can control what their kiddies see.

Of course this would be the end for interactively generated web pages
such as altavista, and the reaction from industry is `we won't use
it' (CEO of banking software house with whom I discussed this
yesterday evening). So hopefully it will all go away; it seems
ludicrous that one American company might become the sphincter
through which all the web authors in the world must wriggle. But if a
panicky government were to legislate for it in the run-up to the
election, then it could be the show stopper you fear

Ross



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%