Comments on XKMS

http://www.xmltrustcenter.org/xkms/docs/XKMS_1.1.pdf

3.3.3 <KeyUsage>
Why not use URIs so this can be extensible and externally specified? (Right 
now can never extend beyond the stated meaning of signature, encryption, or 
exchange.)

3.3.8 Respnse Message
Similar question, are the ResultCodes extensible?

3.3.9 Faults
I do not yet understand the nuances of "expressing this protocol in SOAP" 
versus "XKMS is SOAP application." One possible ramification is that by 
relying upon the SOAP faultcode in this instance, would this also render any 
other modules/messages as a fault within the same SOAP envelop?

6.1.2/3
Why is Signature optional within the KeyBindingAuth and ProofOfPosession 
elements? If those parent elements exist, what else would be included? (This 
applies to some of the other structures in section 6).

A.2 RSA Private Key DATa
You could use the Modulus and Exponenet from the dsig structures.
__
Regards,          http://www.mit.edu/~reagle/
Joseph Reagle     E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E
MIT LCS Research Engineer at the World Wide Web Consortium.

* This email is from an independent academic account and is
not necessarily representative of my affiliations.

Received on Tuesday, 20 March 2001 17:36:09 UTC