
Re: XML certificate ...

From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
Date: Wed, 10 May 2000 23:56:41 +0900
To: Gunther Schadow <gunther@aurora.rg.iupui.edu>
cc: XML DSig <w3c-ietf-xmldsig@w3.org>
Message-ID: <492568DB.00718278.00@d22mta10.yamato.ibm.com>

I agree that XML-formatted X.509 certificates, attribute certificates and so on
will be very useful.  As one step towards that direction, we defined a
universal translation between ASN.1 and XML.  The definition, together with
our implementation, is available from IBM's alphaWorks (look for "XML
Security Suite" at http://www.alphaworks.ibm.com/).  From any ASN.1
syntax definition, you can automatically derive the corresponding DTD.
We know that ISO JTC1/SC6 has a new work item called XML Encoding
of ASN.1 and we plan to submit our definition to the working group.


Hiroshi Maruyama
Manager, Internet & Language Technology, Tokyo Research Laboratory
+81-46-215-4576 (Note it has been changed!)

From: Gunther Schadow <gunther@aurora.rg.iupui.edu> on 2000/05/10 09:06

To:   XML DSig <w3c-ietf-xmldsig@w3.org>
cc:    (bcc: Hiroshi Maruyama/Japan/IBM)
Subject:  XML certificate ...


I have just joined this list. I'm not sure whether this has been discussed
here, but cursory searches have not exactly hit me with obvious results.
So here goes:

As the world reinvents everything using XML, might it not be time to do
the same with certificates?  I think the world of certificates could
use a big shake-up.  Getting rid of X509 and ASN.1 would be a huge
reduction of burden on any security implementation. It would make
certificate generation and interpretation a snip of a finger.
Compatibility with X509, SPKI, and PGP certificate products could be
provided through XMLifying translators.  The goal would be to have one
generic syntax that can support the approaches of X509, SPKI and PGP all
without these stupid hassles that come with the different presentation

Isn't there any such activity ongoing already? If not I'd be happy to
hammer out a DTD that would cover X509, SPKI and PGP semantics. I just
have to do this in order to not go insane over this ASN.1 business.

The XML certificate specification could be using XML signature and
XML canonicalization. However, canonicalization isn't exactly a

What do you think?

Received on Wednesday, 10 May 2000 16:38:45 UTC
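
An added illustration of what a generic ASN.1-to-XML translation involves. It is not the IBM XML Security Suite mapping mentioned in the reply and not code from either poster. It is a small DER reader that emits one XML element per tag-length-value and rejects truncated or indefinite-length input; the element names, the hex fallback for unrecognised types and the sample bytes are assumptions made for this example.

```python
from xml.sax.saxutils import escape

# Element names for universal tags; the names are this example's own choice.
NAMES = {2: "INTEGER", 3: "BIT_STRING", 4: "OCTET_STRING", 5: "NULL", 6: "OBJECT_IDENTIFIER",
         12: "UTF8String", 16: "SEQUENCE", 17: "SET", 19: "PrintableString", 22: "IA5String"}

def read_tlv(buf, pos):
    """Parse one DER tag-length-value; return (class, constructed, number, value, next)."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F or buf[pos + 1] == 0x80:
        raise ValueError("truncated header, multi-byte tag or indefinite length")
    ident, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):  # also catches a truncated long-form length
        raise ValueError("value runs past end of input")
    return ident >> 6, bool(ident & 0x20), ident & 0x1F, buf[pos:pos + length], pos + length

def oid_text(v):
    if not v or v[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in v:  # base-128 arcs, high bit marks continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def to_xml(buf, depth=0):
    if depth > 32:  # bound recursion on hostile nesting
        raise ValueError("nesting too deep")
    out, pos, pad = [], 0, "  " * depth
    while pos < len(buf):
        cls, constructed, num, value, pos = read_tlv(buf, pos)
        name = NAMES.get(num, f"UNIVERSAL_{num}") if cls == 0 else f"TAG_{cls}_{num}"
        text = value.hex()  # default: carry unrecognised content as hex
        if constructed:
            text = "\n" + to_xml(value, depth + 1) + pad
        elif cls == 0 and num == 2:
            text = str(int.from_bytes(value, "big", signed=True))
        elif cls == 0 and num == 6:
            text = oid_text(value)
        elif cls == 0 and num in (12, 19, 22) and value.isascii() and value.decode().isprintable():
            text = escape(value.decode())
        out.append(f"{pad}<{name}>{text}</{name}>\n")
    return "".join(out)

# Constructed sample: SEQUENCE { INTEGER 2, OID 2.5.4.3, PrintableString "Test" }
SAMPLE = bytes.fromhex("300e0201020603550403130454657374")
```
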
