W3C home > Mailing lists > Public > www-xkms@w3.org > February 2002

RE: Mobile XKMS clients

From: Blair Dillaway <blaird@microsoft.com>
Date: Mon, 25 Feb 2002 15:08:38 -0800
Message-ID: <AA19CFCE90F52E4B942B27D42349637902CDCF05@red-msg-01.redmond.corp.microsoft.com>
To: "Yassir Elley" <yassir.elley@sun.com>, <www-xkms@w3.org>
Yassir,

I have always assumed the primary target of the XKMS specification is
devices that use XML-based protocols and data structures.  This implies
a full-featured parser, though not necessarily a DOM-based parser.  A
cell phone could meet this criteria, probably not existing smart cards.
In any event, I believe a minimal XKMS client would only need to be able
to handle composition and parsing of the XKMS Validate messages.  A
special built parser for this could be very small, especially if the
supported KeyInfo structure is constrained.

So in answer to your question, I believe devices must able to compose
and parse the XML associated with the XKMS messages required by their
application(s).  But, it isn't required they support a general purpose
XML parsing capability.

Blair
 

-----Original Message-----
From: Yassir Elley [mailto:yassir.elley@sun.com] 
Sent: Monday, February 25, 2002 1:29 PM
To: www-xkms@w3.org
Subject: Mobile XKMS clients


Although we don't spell it out explicitly in the Requirements document,
it is obviously implied that XKMS applications MUST have the ability to
parse XML data. This poses a problem for extremely constrained clients
(such as cell phones and smart cards) that do not have general-purpose
XML parsers available to them - or SOAP processors for that matter -
(because of memory constraints). I have always assumed that one of the
(most) compelling use cases for XKMS is for mobile devices, such as cell
phones, which are not capable of building and validating cert chains,
etc. Although this assumption is not explicitly stated in our documents,
it shows up on the XML Trust Center site under "Benefits of XKMS" - i.e.
"Ideal for mobile devices: XKMS allow mobile devices to access
full-featured PKI through ultra-minimal-footprint client device
interfaces."

If one of our goals is to support constrained devices at the scale of
cell phones and smart cards, then the current spec falls short of that
goal.

My questions to the group:
When we talk about supporting mobile devices, are we including cell
phones and smart cards as such devices? Has anyone thought about
implementation issues with respect to this? Do we need to add text
indicating that providing support for applications without
general-purpose XML parsers is out of scope?

Regards,
Yassir.
Received on Monday, 25 February 2002 18:10:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:15 GMT