Re: WAP issues with XKMS [was RE: Mobile XKMS clients]

From: Ed Simon <edsimon@xmlsec.com>
Date: Wed, 27 Feb 2002 10:06:30 -0500
Message-ID: <001401c1bfa0$599c4290$a200a8c0@DJQC7111>
To: <www-xkms@w3.org>
I can't think of any constrained-xmldsig specifications offhand.  After all,
XML Signature only became a Recommendation last week.

That said, there are a number of potential XML Signature processing
optimizations that could be implemented; they would need to be selected
according to the specific needs of the system in mind.  Let me emphasize
that these wouldn't be optimizations to the XML Signature spec but
reasonable constraints on the data being signed and optimized code written
particularly for those constraints.

So the first thing to do is to get a firm understanding of XKMS use in
mobile devices and smart cards including what constraints can be placed on
the XKMS , then identify the potential optimization possibilities, and then
finally, write some specialized code to see if the results are what were
hoped for.  Though the topic is specifically interesting to me, I can't
commit to anything major on it until I've confirmed I've got the resources
necessary for it.

Regards, Ed

----- Original Message -----
From: "Stephen Farrell" <stephen.farrell@baltimore.ie>
To: "Ed Simon" <edsimon@xmlsec.com>
Cc: <www-xkms@w3.org>
Sent: Tuesday, February 26, 2002 8:08 AM
Subject: Re: WAP issues with XKMS [was RE: Mobile XKMS clients]


>
> Ed,
>
> On the first issue - have we any examples of a constrained-xmldsig
> specification?
>
> Stephen.
>
> Ed Simon wrote:
> >
> > Alex wrote
> > > 1) Because it's not possible (and perhaps impossible) to support a general
> > > purpose XML parser and more importantly a full XML dsig implementation on
> > > constrained devices, it would be necessary to create a dsig profile for XKMS
> > > messaging.  For example, is full XPath support necessary?
> >
> > Individual protocols can certainly decide not to use XPath or other features
> > of XML Signature; indeed the XML Signature schema specifically allows great
> > flexibility in subclassing.   However, all protocols, no matter how they
> > subclass XML Signature, must however ensure they are using XML Signature in
> > a secure and sufficiently interoperable manner.
> >
> > I'm interested in the question about determining what degree of XML
> > processing will be available on "constrained" devices.   I'm not
> > knowledgeable enough in this area but it seems to me that there are so many
> > XML technologies that will be desired on such devices (eg. SVG, Web
> > services,...) that it would make sense (even in a constrained environment)
> > to have a reasonably adequate level of generic XML processing available.
> >
> > > 2) The size of a signed XKMS message is too large, leading to bandwidth
> > > issues.  For example, a typical signed XKMS Validate response can run about
> > > 2.5K.  On some networks this would cost the user between 7 and 10 cents!
> > > (Data from a major European operator)   This seems to have been the major
> > > issue with the vendors and caused them to stick to their smaller proprietary
> > > structures and to consider ASN.1 based protocols such as OCSP for validation
> > > instead of going with XKMS.
> >
> > Again, I'm no expert in wireless but 4cents per kilobyte sounds strange to
> > me as a design parameter.  I thought 3G wireless was good for say, at least
> > 10 kB/second.  Does that mean on 3G, I'd be spending 40 cents/second,
> > $24/minute!, on a 3G network!!!
> >
> > Ed
>
> --
> ____________________________________________________________
> Stephen Farrell
> Baltimore Technologies,   tel: (direct line) +353 1 881 6716
> 39 Parkgate Street,                     fax: +353 1 881 7000
> Dublin 8.                mailto:stephen.farrell@baltimore.ie
> Ireland                             http://www.baltimore.com
>
Received on Wednesday, 27 February 2002 10:05:50 GMT