Re: Issue 116 from Slava Galperin on 2002-12-19 (www-xkms@w3.org from December 2002)

From: Slava Galperin <slava.galperin@sun.com>
Date: Wed, 18 Dec 2002 19:45:24 -0800
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
CC: "Www-Xkms (E-mail)" <www-xkms@w3.org>
Message-ID: <3E0140D4.9542EFA1@sun.com>

"Hallam-Baker, Phillip" wrote:

>
>
>      So just to confirm the proposed resolution:
>      - The scope of KeyBinding ID is just the request message or
>      just the response message.
>      - It is not persistent
>      - KeyBinding ID is not used in matching rules to select
>      target key binding for XKISS and XKRSS
>
>      KeyBinding element in Reissue, Revoke and Recover requests
>      is used as a pattern to "identify" target key bindings by
>      matching on the combination on KeyInfo/KeyUsage/UseKeyWith
>      values.
>
>      This still needs a few clarifications :
>
>      Should matching rule for Reissue/Revoke/Recover be the
>          "exact" match
>          or "superset" match :
>              target.KeyInfo = request.KeyInfo and
>              target.UseKeyWith "is-a-superset-of"
>      request.UseKeyWith and
>              target.KeyUsage "is-a-superset-of" request.KeyUsage
>          or "any" match
>              target.KeyInfo = request.KeyInfo and
>              (isEmpty(request.UseKeyWith) or
>      nonEmptyIntersection(target.UseKeyWith,request.UseKeyWith))
>      and
>              (isEmpty(request.KeyUsage) or
>      nonEmptyIntersection(target.KeyUsage,request.KeyUsage))
>
> As a formal methods person I like the idea of giving the matching
> rules as algebra...
>
> I think we should go for the 'any' match rules.
>
> Otherwise we should specify a match flag and specify values 'exact',
> 'any', 'superset' as described above. This would be for both the
> QueryKeyBinding and the TemplateKeyBinding.
>

Having explicit match flag would be my preference too (despite of some
extra complexity it comes with).

I think you meant PrototypeKeyBinding from RegisterRequest, not
TemplateKeyBinding. (BTW, latest spec seem to have a  leftover
TemplateKeyBinding reference in [147]). I am not sure that matching
semantics applies to PrototypeKeyBinding in RegisterRequest the same way
as in Reissue/Revoke/Recover.

--
Slava Galperin
mailto:slava.galperin@sun.com

For in much wisdom is much grief: and he that increaseth knowledge
increaseth sorrow.


(Ecclesiastes 1:18)

Received on Wednesday, 18 December 2002 22:45:56 UTC