W3C home > Mailing lists > Public > www-xkms@w3.org > December 2002

RE: Issue 116

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Wed, 18 Dec 2002 09:25:27 -0800
Message-ID: <CE541259607DE94CA2A23816FB49F4A3953C1B@vhqpostal6.verisign.com>
To: Slava Galperin <slava.galperin@sun.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc: "Www-Xkms (E-mail)" <www-xkms@w3.org>

So just to confirm the proposed resolution: 

- The scope of KeyBinding ID is just the request message or just the
response message. 
- It is not persistent 
- KeyBinding ID is not used in matching rules to select target key
binding for XKISS and XKRSS 

KeyBinding element in Reissue, Revoke and Recover requests is used as a
pattern to "identify" target key bindings by matching on the combination
on KeyInfo/KeyUsage/UseKeyWith values. 

This still needs a few clarifications : 

Should matching rule for Reissue/Revoke/Recover be the 
    "exact" match  
    or "superset" match : 
        target.KeyInfo = request.KeyInfo and 
        target.UseKeyWith "is-a-superset-of" request.UseKeyWith and 
        target.KeyUsage "is-a-superset-of" request.KeyUsage 
    or "any" match 
        target.KeyInfo = request.KeyInfo and 
        (isEmpty(request.UseKeyWith) or
nonEmptyIntersection(target.UseKeyWith,request.UseKeyWith)) and 
        (isEmpty(request.KeyUsage) or

As a formal methods person I like the idea of giving the matching rules
as algebra...

I think we should go for the 'any' match rules.

Otherwise we should specify a match flag and specify values 'exact',
'any', 'superset' as described above. This would be for both the
QueryKeyBinding and the TemplateKeyBinding.






Received on Wednesday, 18 December 2002 12:25:42 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:40 UTC