<Reason> element

1) As the spec indicates, the Reason element needs to be incorporated into
the schema. Currently, this should probably be added to KeyBindingType
(although it should really be in ValidateResponse).

2) There is also currently no schema definition for this element.

3) I would recommend renaming the "Status" aspect to be "RevocationStatus"
so that it is not confused with other stuff like the AssertionStatus or Status elements.

4) In the Description of the first three aspects, the word "assertion" is used in
a confusing manner.

5) It is also unclear why this is in the section on Common Data Elements, since
this is presumably only relevant for Validate (and not Locate).

6) I am confused by the "Signature" aspect defined for the Reason element.
Description:
"Signature on signed data provided by the client in the <ds:KeyInfo> element
(e.g. X509Data element) was successfully verified."
X.509 Equivalent:
"Certificate Signature verified"

What does this mean?
Is the client including arbitrarily signed data (e.g. a signed XML document)
in the request that he wants the service to verify?

I do not think X-KISS includes the functionality of allowing the client to
send over a signed XML document and having the trust service verify the
signature on the document and return a "Valid" Assertion status along with
a "Signature" Reason. Am I missing something here?

-Yassir.

Received on Monday, 11 March 2002 17:32:03 UTC