- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 21 Nov 2001 09:43:39 -0800
- To: www-xkms-ws@w3c.org
- Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40586986E@vhqpostal.verisign.com>
All,

Attached is a Zip file containing an updated draft XKMS 2.0 Draft 1 and schemas to match. The idea of this draft is to close up as many issues as possible that are unlikely to be controversial.

The main changes in the draft are:

1) Schema coding conventions aligned with XML Dig-sig, SAML
   All elements are of named types for better extensibility
2) Register element split into 4: Register, Revoke, Reissue, Recover
3) Removed Private Key from responses where it is not required.

Note that the order of the schema does not at present match the order in the document. This will change once we have a better idea of the best order for the doc.

I have also partly harmonized X-BULK, see the enclosed schema. I have not harmonized the Request/Response messages since we have to decide how to address the signing issue.

Questions,

1) Should we split Register into 2 so that Register Public Key is separate from Register Server generated key?
2) Add in DSA Private key schema? This could be a bad idea since DSA keys should not normally be escrowed. Should there be a prohibition on escrowing signature only RSA keys? Contrary view, might use a DSA key for key exchange.
3) Depending on (1) how to redo the AuthXInfo elements in coherent fashion?
4) There is a 'design notes' section that should probably move to the Requirements doc.
5) How do we address message signing? Profile ws-security? Inline signatures?

Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

Attachments
- application/octet-stream attachment: Phillip_Hallam-Baker__E-mail_.vcf
- application/octet-stream attachment: XKMS_2_0.zip
Received on Wednesday, 21 November 2001 12:43:39 UTC