FW: Changelog A2

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Tue, 17 Dec 2002 09:28:17 -0800
Message-ID: <CE541259607DE94CA2A23816FB49F4A310FEFC@vhqpostal6.verisign.com>
To: "Www-Xkms (E-mail)" <www-xkms@w3.org>
 Issue 25:

 Element <ResponseMechanism> 

The <ResponseMechanism> element in the request specifies one or more
strings included in the request that specify extended protocol
mechanisms that the client supports in connection with a request.

ResponseMechanism values are specified as QNames; the following
identifiers are defined:

Identifier / Description

xkms:Pending
    The requestor is prepared to accept a response that uses
    asynchronous processing, i.e. the service MAY return the
    MajorResult code xkms:Pending

xkms:Represent
    The requestor is prepared to accept a response that uses the
    two phase protocol, i.e. the service MAY return the MajorResult
    code xkms:Represent

xkms:RequestSignatureValue
    The requestor is prepared to accept a response that carries a
    <RequestSignatureValue> element.

The following schema defines the <ResponseMechanism> element:


Element <ResultAbstractType>

The ResultAbstractType abstract type is the type from which all XKMS
response element types are derived. The ResultAbstractType abstract type
inherits the element and attributes of the MessageAbstractType abstract
type and in addition contains the following attributes:

<RequestSignatureValue> [Optional] 

The value of the ds:SignatureValue element of the corresponding request.


Element <RequestSignatureValue>

The <RequestSignatureValue> element provides a cryptographic linkage
between the request and the response. 

A service SHOULD include the <RequestSignatureValue> element in
a response if the following conditions are satisfied and MUST NOT
include the value otherwise:

*	The <ds:Signature> element was present in the corresponding

*	The service successfully verified the <ds:Signature> element in
the corresponding request, and 

*	The ResponseMechanism xkms:RequestSignatureValue was specified.

If the <RequestSignatureValue> element is present in a response the
requestor MUST reject the message if either:

*	The corresponding request was not authenticated, or: 

*	The value ds:Signature/ds:SignatureValue in the request does not
match the value RequestSignatureValue in the response.

The <RequestSignatureValue> element is of ds:SignatureValueType type
specified in the XML Signature specification.


Then in the protocols section:



Authenticated Request 

If the request and the response are authenticated the correspondence of
the request and response may be determined by verifying the value of
RequestID in the response. 

Digest Authenticated Request 

If the original request was authenticated by means of a message digest,
the service can still ensure a strong binding of the response to the
original request by means of the <RequestSignatureValue> element. 

Received on Tuesday, 17 December 2002 12:28:19 UTC
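
The inclusion and rejection rules for <RequestSignatureValue> quoted in the message above can be sketched as follows. This is an added example, not part of the original message or of the XKMS specification. The sample messages are constructed, and the XKMS namespace URI, the LocateRequest/LocateResult wrappers and the function names are assumptions.

```python
import base64, hmac
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xkms": "http://www.w3.org/2002/03/xkms#"}  # XKMS URI is an assumption
X = 'xmlns="{0}" xmlns:xkms="{0}" xmlns:ds="{1}"'.format(NS["xkms"], NS["ds"])
# Constructed sample messages (trimmed: a real ds:Signature has more children).
REQUEST = f"""<LocateRequest {X} Id="req-1">
  <ResponseMechanism>xkms:RequestSignatureValue</ResponseMechanism>
  <ds:Signature><ds:SignatureValue>AAECAwQFBgcI
    CQoLDA0ODw==</ds:SignatureValue></ds:Signature>
</LocateRequest>"""
GOOD = f"""<LocateResult {X} RequestId="req-1">
  <RequestSignatureValue>AAECAwQFBgcICQoLDA0ODw==</RequestSignatureValue>
</LocateResult>"""
BAD = GOOD.replace("AAEC", "EBES")  # echoes a different signature value

def _sig_bytes(elem):
    # Compare decoded octets: base64 line breaks are not significant.
    return base64.b64decode("".join((elem.text or "").split()), validate=True)

def service_should_echo(request_xml, signature_verified):
    """Service side: echo only if the request carried a signature, the
    signature verified, and the mechanism was requested."""
    req = ET.fromstring(request_xml)
    has_sig = req.find("ds:Signature/ds:SignatureValue", NS) is not None
    # Simplification: matches the literal prefixed string, not a resolved QName.
    mechs = [m.text.strip() for m in req.findall("xkms:ResponseMechanism", NS)
             if m.text]
    return (has_sig and signature_verified
            and "xkms:RequestSignatureValue" in mechs)

def requestor_accepts(request_xml, response_xml, request_authenticated):
    """Requestor side: if the response echoes a value, reject unless the
    request was authenticated and the echoed value matches what was sent."""
    echoed = ET.fromstring(response_xml).find("xkms:RequestSignatureValue", NS)
    if echoed is None:
        return True   # this rule only applies when the element is present
    if not request_authenticated:
        return False
    sent = ET.fromstring(request_xml).find("ds:Signature/ds:SignatureValue", NS)
    if sent is None:
        return False
    try:
        return hmac.compare_digest(_sig_bytes(sent), _sig_bytes(echoed))
    except ValueError:  # malformed base64 in either message
        return False
```

The comparison only binds the response to the request if the response itself is authenticated; verifying the response's own signature or MAC is outside this sketch.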
