Re: XML certificate ... from Hiroshi Maruyama on 2000-05-10 (w3c-ietf-xmldsig@w3.org from April to June 2000)

From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
Date: Wed, 10 May 2000 23:56:41 +0900
To: Gunther Schadow <gunther@aurora.rg.iupui.edu>
cc: XML DSig <w3c-ietf-xmldsig@w3.org>
Message-ID: <492568DB.00718278.00@d22mta10.yamato.ibm.com>

Gunther,
I agree that XML-formatted X.509 certificates, attribute certificates and so on
will be very useful.  As one step towards that direction, we defined a
universal translation between ASN.1 and XML.  The definition, together with
our implementation, is available from IBM's alphaWorks (look for "XML
Security Suite" at http://www.alphaworks.ibm.com/).  From any ASN.1
syntax definition, you can automatically derive the corresponding DTD.
We know that ISO JTC1/SC6 has a new work item called XML Encoding
of ASN.1 and we plan to submit our definition to the working group.

Hiroshi

--
Hiroshi Maruyama
Manager, Internet & Language Technology, Tokyo Research Laboratory
+81-46-215-4576 (Note it has been changed!)
maruyama@jp.ibm.com



From: Gunther Schadow <gunther@aurora.rg.iupui.edu> on 2000/05/10 09:06

To:   XML DSig <w3c-ietf-xmldsig@w3.org>
cc:    (bcc: Hiroshi Maruyama/Japan/IBM)
Subject:  XML certificate ...




Hi,

I have just joined this list. I'm not sure whether this has been discussed
here, but cursory searches have not exactly hit me with obvious results.
So here goes:

As the world reinvents everything using XML, might it not be time to do
the same with certificates?  I think the world of certificates could
use a big shake-up.  Getting rid of X509 and ASN.1 would be a huge
reduction of burdon on any security implementation. It would make
certificate generation and interpretation a snip of a finger.
Compatibility with X509, SPKI, and PGP certificate products could be
provided through XMLifying translators.  The goal would be to have one
generic syntax that can support the approaches of X509, SPKI and PGP all
without these stupid hassles that come with the different presentation
formats.

Isn't there any such activity ongoing already? If not I'd be happy to
hammer out a DTD that would cover X509, SPKI and PGP semantics. I just
have to do this in order to not go insane over this ASN.1 business.

The XML certificate specification could be using XML signature and
XML canonicalization. However, canonicalization isn't exactly a
requirement.

What do you think?
-Gunther

Attachments

application/octet-stream attachment: gunther.vcf

Received on Wednesday, 10 May 2000 16:38:45 UTC