So just to confirm the proposed resolution: - The scope of KeyBinding ID is just the request message or just the response message. - It is not persistent - KeyBinding ID is not used in matching rules to select target key binding for XKISS and XKRSS KeyBinding element in Reissue, Revoke and Recover requests is used as a pattern to "identify" target key bindings by matching on the combination on KeyInfo/KeyUsage/UseKeyWith values. This still needs a few clarifications : Should matching rule for Reissue/Revoke/Recover be the "exact" match or "superset" match : target.KeyInfo = request.KeyInfo and target.UseKeyWith "is-a-superset-of" request.UseKeyWith and target.KeyUsage "is-a-superset-of" request.KeyUsage or "any" match target.KeyInfo = request.KeyInfo and (isEmpty(request.UseKeyWith) or nonEmptyIntersection(target.UseKeyWith,request.UseKeyWith)) and (isEmpty(request.KeyUsage) or nonEmptyIntersection(target.KeyUsage,request.KeyUsage)) As a formal methods person I like the idea of giving the matching rules as algebra... I think we should go for the 'any' match rules. Otherwise we should specify a match flag and specify values 'exact', 'any', 'superset' as described above. This would be for both the QueryKeyBinding and the TemplateKeyBinding. PhillReceived on Wednesday, 18 December 2002 12:25:42 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:18 GMT