So just to confirm the proposed resolution:
- The scope of KeyBinding ID is just the request message or just the
response message.
- It is not persistent
- KeyBinding ID is not used in matching rules to select target key
binding for XKISS and XKRSS
KeyBinding element in Reissue, Revoke and Recover requests is used as a
pattern to "identify" target key bindings by matching on the combination
of KeyInfo/KeyUsage/UseKeyWith values.
This still needs a few clarifications:
Should matching rule for Reissue/Revoke/Recover be the
"exact" match
or "superset" match:
    target.KeyInfo = request.KeyInfo and
    target.UseKeyWith "is-a-superset-of" request.UseKeyWith and
    target.KeyUsage "is-a-superset-of" request.KeyUsage
or "any" match:
    target.KeyInfo = request.KeyInfo and
    (isEmpty(request.UseKeyWith) or
     nonEmptyIntersection(target.UseKeyWith,request.UseKeyWith)) and
    (isEmpty(request.KeyUsage) or
     nonEmptyIntersection(target.KeyUsage,request.KeyUsage))
As a formal methods person I like the idea of giving the matching rules
as algebra...
I think we should go for the 'any' match rules.
Otherwise we should specify a match flag and specify values 'exact',
'any', 'superset' as described above. This would be for both the
QueryKeyBinding and the TemplateKeyBinding.
Phill
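
The three candidate matching rules discussed in this message, run over a small store of key bindings. This is an added example, not part of the original message or of the XKMS specification: the `KeyBinding` class, the `select` helper, the sample values, and the reading of "exact" as equality of all three components are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyBinding:
    key_info: str                            # stand-in for the KeyInfo value
    key_usage: frozenset = frozenset()
    use_key_with: frozenset = frozenset()

def exact(target, request):
    # Assumption: "exact" means all three components are equal.
    return (target.key_info == request.key_info
            and target.use_key_with == request.use_key_with
            and target.key_usage == request.key_usage)

def superset(target, request):
    return (target.key_info == request.key_info
            and target.use_key_with >= request.use_key_with
            and target.key_usage >= request.key_usage)

def any_match(target, request):
    return (target.key_info == request.key_info
            and (not request.use_key_with
                 or bool(target.use_key_with & request.use_key_with))
            and (not request.key_usage
                 or bool(target.key_usage & request.key_usage)))

RULES = {"exact": exact, "superset": superset, "any": any_match}

def select(rule, store, request):
    """Names of stored bindings that the request pattern identifies."""
    return [name for name, kb in store.items() if RULES[rule](kb, request)]

# Constructed sample store: two bindings for key-A, one for key-B.
SMIME = ("app:smime", "alice@example.com")
TLS = ("app:tls", "www.example.com")
STORE = {
    "email": KeyBinding("key-A", frozenset({"Signature"}), frozenset({SMIME})),
    "tls": KeyBinding("key-A", frozenset({"Signature", "Encryption"}), frozenset({TLS})),
    "other": KeyBinding("key-B", frozenset({"Signature"})),
}
# Constructed request patterns, as a Revoke request might carry them.
BY_USAGE = KeyBinding("key-A", frozenset({"Signature"}))
MIXED = KeyBinding("key-A", frozenset({"Signature", "Exchange"}), frozenset({SMIME}))
KEY_ONLY = KeyBinding("key-A")

if __name__ == "__main__":
    for label, req in [("BY_USAGE", BY_USAGE), ("MIXED", MIXED), ("KEY_ONLY", KEY_ONLY)]:
        print(label, {rule: select(rule, STORE, req) for rule in RULES})
```

The `MIXED` pattern separates the rules: "superset" identifies nothing because no stored binding carries every requested KeyUsage, while "any" identifies the e-mail binding. A pattern with empty UseKeyWith and KeyUsage identifies every binding for that key under both "superset" and "any".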