W3C home > Mailing lists > Public > www-xkms-ws@w3.org > November 2001

RE: XKMS 2.0 base working draft

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Wed, 21 Nov 2001 12:09:03 -0800
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F405869877@vhqpostal.verisign.com>
To: "'Blair Dillaway'" <blaird@microsoft.com>, stephen.farrell@baltimore.ie, Krishna Sankar <ksankar@cisco.com>
Cc: www-xkms-ws@w3c.org
I pretty much agree with Blair here.

The reason I did not address it in the 2.0d1 draft is that I did not want to
make any changes at all that were likely to need extended debate.

Clearly the X-Bulk spec needs to be reconcilled with XKMS in this regard.

At this point I believe that we are looking for XKMS to be prinicpally a Web
Service that may possibly in certain circumstances be used over other
transports. As such I don't feel bad if we say 'the security will be
provided by the transport encapsulation and here is how you extend SOAP to
achieve that'.

	Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Blair Dillaway [mailto:blaird@microsoft.com]
> Sent: Wednesday, November 21, 2001 2:14 PM
> To: stephen.farrell@baltimore.ie; Krishna Sankar
> Cc: www-xkms-ws@w3c.org
> Subject: RE: XKMS 2.0 base working draft
> 
> 
> I suspect the timing will not be right.  There is currently 
> no XML-P WG
> chartered to address the issue of securing SOAP/XML-P 
> messages.  Even if
> there were a near-term action to charter such a group, their 
> specs would
> inevitably lag the XKMS effort.  Based on my understanding of the W3C
> policy on spec dependencies, I don't believe we could have an explicit
> dependency on such a specification.  
> 
> I would hope however, we could build on the basic syntax/structure in
> our recently published ws-security spec assuming it will bear some
> resemblance to an eventual XML-P security spec.  In any 
> event, the XKMS
> group will need to define a detailed 'message security profile'
> explaining exactly what's signed, encrypted, and 
> authenticated for XKMS
> messages and what types of trust infrastructure must be supported.
> This is the only way we'll ever be able to achieve interoperability.
> 
> Blair
> 
> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] 
> Sent: Wednesday, November 21, 2001 10:53 AM
> To: Krishna Sankar
> Cc: www-xkms-ws@w3c.org
> Subject: Re: XKMS 2.0 base working draft
> 
> 
> 
> Krishna,
> 
> (I was talking about the timing of the specs.)
> 
> I guess I would tend towards the more self-contained approach -
> something 
> like specifying use of xmldsig and xmlenc "directly" for xkms where 
> we need message level protection (and perhaps tls/ssl where 
> we don't). 
> 
> >         As another point, my hope is that by the time we are ready 
> > with our final version, SOAP security would be far enough for us to 
> > use it.
> 
> I seem to recall Blair making a comment that made me think the 
> opposite on the conference call last week (Blair?).
> 
> Stephen.
> 
> -- 
> ____________________________________________________________
> Stephen Farrell         				   
> Baltimore Technologies,   tel: (direct line) +353 1 881 6716
> 39 Parkgate Street,                     fax: +353 1 881 7000
> Dublin 8.                mailto:stephen.farrell@baltimore.ie
> Ireland                             http://www.baltimore.com
> 



Received on Wednesday, 21 November 2001 15:12:26 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 13:51:41 EDT