W3C home > Mailing lists > Public > www-xkms@w3.org > December 2002

UseKeyWith for Policy (Was: New Draft)

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 19 Dec 2002 13:58:50 -0500
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, "Www-Xkms (E-mail)" <www-xkms@w3.org>
Message-Id: <200212191358.51087.reagle@w3.org>

On Tuesday 02 April 2002 17:58, Hallam-Baker, Phillip wrote:
>     Please find attached a ZIP of the revised spec together with a new
> schema.

In the 16-December draft re: 4.1.3 Element <UseKeyWith>
>[150] <UseKeyWith> application identifiers MAY be used to 
>represent key binding issuance and/or use policies instead 
>of an application protocol. In this case the <UseKeyWith> 
>element specifies that the key binding complies with the specified policy.

So this appears to be new text. Let me step back a second though. I 
requested a means by which a XKMS service would provide policy context to a 
response it gives, in particular "obtain an assertion specifying the status 
of the binding between the public key and other data". I believe it is 
important to hang the status of the binding off of some policy context such 
as, "this binding is valid for PKIX semantics/processing and our local 
trust policy foo." Some URI could be provided to indicate this.

I don't think this is addressed by the new text; and it appears to be 
designating a security policy the requestor/client should use with the 
returned information? "The <UseKeyWith> element specifies a subject 
identifier and application identifier that determine a use of the key." I 
didn't understand the discussion as to why it was moved to UseKeyWith 
(instead of a PolicyURI), but maybe this is why, because there are two 
requirements before us? (One to provide context to the service, another to 
provide guidance to the client?)
Received on Thursday, 19 December 2002 13:58:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:18 GMT