XKMS 2.0 base working draft

All,

	Attached is a Zip file containing an updated draft XKMS 2.0 Draft 1
and schemas to match.

	The idea of this draft is to close up as many issues as possible
that are unlikely to be controversial.

The main changes in the draft are:

1) Schema coding conventions aligned with XML Dig-sig, SAML
	All elements are of named types for better extensibility

2) Register element split into 4
	Register, Revoke, Reissue, Recover

3) Removed Private Key from responses where it is not required.

Note that the order of the schema does not at present match the order in the
document. This will change once we have a better idea of the best order for
the doc.

I have also partly harmonized X-BULK, see the enclosed schema. I have not
harmonized the Request/Response messages since we have to decide how to
address the signing issue.

Questions, 

1) Should we split Register into 2 so that Register Public Key 
	is separate from Register Server generated key?

2) Add in DSA Private key schema?
	This could be a bad idea since DSA keys should not normally be
escrowed.
	Should there be a prohibition on escrowing signature-only RSA keys?
	Contrary view, might use a DSA key for key exchange.

3) Depending on (1), how to redo the AuthXInfo elements in a coherent fashion?

4) There is a 'design notes' section that should probably move to the
Requirements doc.

5) How do we address message signing? Profile ws-security? Inline
signatures?

		Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
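An added check for the named-type schema convention in change (1) above, written here as an illustration; it is not taken from this message or from the XKMS 2.0 draft schema. The sample schema, the urn:example namespace and the element names in it are constructed, and the check reports every element declaration whose type is defined inline rather than referenced by name:

```python
"""Lint an XML Schema for the 'all elements use named types' convention."""
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"

# Constructed sample schema (not the XKMS 2.0 draft schema): RegisterRequest
# uses a named type; RevokeRequest and Extra define their types inline.
SAMPLE_XSD = """<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:ex="urn:example:xkms-lint"
           targetNamespace="urn:example:xkms-lint">
  <xs:element name="RegisterRequest" type="ex:RegisterRequestType"/>
  <xs:complexType name="RegisterRequestType">
    <xs:sequence>
      <xs:element name="Status" type="xs:string"/>
    </xs:sequence>
  </xs:complexType>
  <xs:element name="RevokeRequest">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="Reason" type="xs:string"/>
        <xs:element name="Extra">
          <xs:simpleType>
            <xs:restriction base="xs:string"/>
          </xs:simpleType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
"""


def anonymous_typed_elements(xsd_text):
    """Return names of element declarations whose type is defined inline.

    'type' references a named, reusable type and 'ref' points at another
    declaration; any other element carrying an inline complexType or
    simpleType is reported, since a nameless type cannot be reused or derived.
    """
    root = ET.fromstring(xsd_text)
    offenders = []
    for el in root.iter(XS + "element"):
        name = el.get("name")
        if name is None or el.get("type") is not None:
            continue  # a 'ref' or an already named type: fine
        if el.find(XS + "complexType") is not None or el.find(XS + "simpleType") is not None:
            offenders.append(name)
    return offenders
```

Running it over SAMPLE_XSD reports RevokeRequest and Extra, the two declarations that could not be extended by type name.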

Received on Wednesday, 21 November 2001 12:43:39 UTC