RE: req. comments

Thanks for the comments Yassir. Some replies below

-----Original Message-----
From: Yassir Elley [mailto:yassir.elley@sun.com]
Sent: Thursday, January 17, 2002 3:45 PM
To: www-xkms@w3.org
Subject: req. comments

<...>

3.2.10
I don't understand the second sentence here. What is the "validation portion
of a request"?
Also, is this a MAY or a MUST?

---
[MJ] This seems to have persisted from the Nov 8th version of the draft.
Good catch. I think this is meant to capture the requirement that "validate"
functionality must include "locate" functionality, i.e. a key name might be
provide as part of a validate request where the service would first locate
and then validate the corresponding public key. If so, I'll suggest removing
the second sentence in 3.2.10. 
---

3.3.4
The KeyInfo formats X509Chain, OCSP, and PGPWeb are not defined
in <ds:KeyInfo>. Are we going to be defining these formats in the
XKMS specification?

---
[MJ] If not defined elsewhere, I would say yes.
---

4.
We should also ask for review from the the SSTC folks since
we are planning to support them.

---
[MJ] I'm not sure how formal we need to be here. The paragraph above the one
you reference indicates that we'll design the protocol to work with SSTC,
while the charter says "The Working Group will liaise via
cross-participation with the OASIS Security Services Technical Committee
developing the Security Assertions Markup Language Specification." Maybe we
need to make our "Coordination" section more consistent with the Charter
language (or simply point to the Charter instead).  I'll suggest that we
trim this section so that we just point to the charter
(http://www.w3.org/2001/XKMS/2001/01/xkms-charter.html#_Coordination). This
probably doesn't satisfy your requirement for more formal interaction with
SSTC. Maybe Stephen, Shivaram or Joseph can address on the call today.
---

Cheers,
Mike