UseKeyWith / Policy Writeup

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Wed, 11 Dec 2002 22:04:43 -0800
Message-ID: <CE541259607DE94CA2A23816FB49F4A34D6730@vhqpostal6.verisign.com>
To: "Www-Xkms (E-mail)" <www-xkms@w3.org>

The interpretation of UseKeyWith depends on the enclosing construct.

QueryKeyBinding / TemplateKeyBinding
	A key binding is requested that meets the specified criteria. If
the service is unable to meet the criteria exactly 'best guess' is
acceptable.

UnverifiedKeyBinding / KeyBinding
	The key may be used for the purpose specified (if unverified
after validation). If more than one use key with is specified then all
are applicable jointly and severally.


	UseKeyWith application identifiers MAY be used to represent key
binding issuance and/or use policies. 
	Means that the key complies with the stated policy

	In the case that a client follows a referral model in which raw
key binding information is obtained from a Locate service then forwarded
to a validate service the UseKeyWith elements in the query should in
both cases specify the uses for which the application intends to use the
key. Applications SHOULD NOT forward UseKeyWith elements returned in a
Locate result in a subsequent validate query.

	The use of policy identifiers in UseKeyWith is only appropriate
in cases where the client understands the implications of the policy.
This use case is not applicable to the minimal PKI client case.

Received on Thursday, 12 December 2002 01:04:46 GMT
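
The referral model described in the message, as an added example that is not part of the original e-mail or of any XKMS implementation: a client takes the raw key information from a Locate result and builds the Validate query with its own intended uses, leaving the returned UseKeyWith elements behind. The namespace, element and attribute names follow the XKMS 2.0 schema as an assumption, and the key name, identifiers and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"    # assumed: XKMS 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("xkms", XKMS)
ET.register_namespace("ds", DS)

# Constructed Locate result: the service's 'best guess' binding carries a
# UseKeyWith (the second one) that this client never intended to rely on.
LOCATE_RESULT = f"""
<xkms:LocateResult xmlns:xkms="{XKMS}" xmlns:ds="{DS}">
  <xkms:UnverifiedKeyBinding>
    <ds:KeyInfo><ds:KeyName>alice-key-1</ds:KeyName></ds:KeyInfo>
    <xkms:UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@example.com"/>
    <xkms:UseKeyWith Application="urn:ietf:rfc:2246" Identifier="shop.example.com"/>
  </xkms:UnverifiedKeyBinding>
</xkms:LocateResult>
"""

def build_validate_query(locate_result_xml, intended_uses):
    """Build a ValidateRequest that carries over only the raw key information."""
    result = ET.fromstring(locate_result_xml)
    binding = result.find(f"{{{XKMS}}}UnverifiedKeyBinding")
    if binding is None:
        raise ValueError("Locate result contains no UnverifiedKeyBinding")
    key_info = binding.find(f"{{{DS}}}KeyInfo")
    if key_info is None:
        raise ValueError("key binding carries no KeyInfo")
    request = ET.Element(f"{{{XKMS}}}ValidateRequest")
    query = ET.SubElement(request, f"{{{XKMS}}}QueryKeyBinding")
    query.append(key_info)  # raw key data only; returned UseKeyWith is dropped
    for application, identifier in intended_uses:
        # UseKeyWith states what the application itself intends to do.
        ET.SubElement(query, f"{{{XKMS}}}UseKeyWith",
                      Application=application, Identifier=identifier)
    return request

def use_key_with(element):
    """Return every (Application, Identifier) pair found under element."""
    return [(u.get("Application"), u.get("Identifier"))
            for u in element.iter(f"{{{XKMS}}}UseKeyWith")]

if __name__ == "__main__":
    request = build_validate_query(
        LOCATE_RESULT, [("urn:ietf:rfc:2633", "alice@example.com")])
    print(ET.tostring(request, encoding="unicode"))
```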