- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 11 Dec 2002 22:04:43 -0800
- To: "Www-Xkms (E-mail)" <www-xkms@w3.org>
- Message-ID: <CE541259607DE94CA2A23816FB49F4A34D6730@vhqpostal6.verisign.com>
The interpretation of UseKeyWith depends on the enclosing construct. QueryKeyBinding / TemplateKeyBinding A key binding is requested that meets the specified criteria. If the service is unable to meet the criteria exactly 'best guess' is acceptable. UnverifiedKeyBinding / KeyBinding The key may be used for the purpose specified (if unverified after validation). If more than one use key with is specified then all are applicable jpointly and severaly UseKeyWith application identifiers MAY be used to represent key binding issuance and/or use policies. Means that the key complies with the stated policy In the case that a client follows a referral model in which raw key binding information is obtained from a Locate service then forwarded to a validate service the UseKeyWith elements in the query should in both cases specify the uses for which the application intends to use the key. Applications SHOULD NOT forward UseKeyWith elements returned in a Locate result in a subsequent validate query. The use of policy identifiers in usekeywith is only appropriate in cases where the client understands the implications of the policy. This use case is not applicable to the minimal PKI client case.
Received on Thursday, 12 December 2002 01:04:46 UTC