Moving to CR: Relationships to other standards

Hello,

Per the Process Document [1, last paragraph], we should include 
a statement about how XKMS relates to existing international 
standards and to related work outside of W3C.

Some candidates for this section could be SAML [2] and WS-TRUST [3].
SAML because XKMS can be used to verify signed data. WS-TRUST,
because it offers something that appears similar, but more generic.

More specifically (please correct me if I'm wrong; I only did a quick
read of WS-TRUST), it seems that WS-TRUST and XKMS may have some
overlap.  XKMS targets operations on public-key 
certificates (validating, locating, registering, generating,
revoking, ...). WS-TRUST defines more generic security attribute
certificates and defines how a client may bind, request, delegate,
and exchange them. The 18 Dec. 2002 draft doesn't yet define
how an application will validate those certificates. Of course, 
it could use XKMS if they are signed. 

However, if WS-TRUST defines a generic service, wouldn't it
be possible to define something like X-KISS validate on
WS-TRUST? After all, a public-key certificate can be seen
as a specialized security certificate, can't it? And the protocols
requesting a validation for a certificate or a binding could
be similar too.

This is not such a candid question.  Hugo Haas pointed me to a
recent article [4] that raises the same point:

-------
For the X.509 world, there already exists a proposal for XML-based token
issuance and token validation, namely, the X-KRSS and X-KISS components
of the XML Key Management Specification (XKMS) currently being
standardized under the W3C. It remains to be seen how WS-Trust and XKMS
will compete, cooperate, or coexist in this area.
------

It's particularly worrying in that WS-TRUST doesn't mention XKMS
at all. XKMS doesn't mention WS-TRUST either.

We can take advantage of this Process-advised section to clear these
doubts and explain the relationships between XKMS and WS-TRUST.

Thanks!

-jose

[1] http://www.w3.org/2003/06/Process-20030618/process.html#last-call
[2] http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
[3] http://www-106.ibm.com/developerworks/library/ws-trust/
[4] http://webservices.xml.com/pub/a/ws/2003/06/24/ws-trust.html?page=1

Received on Saturday, 23 August 2003 05:14:18 UTC