part 1 comments - 13-Feb-03

Phill

I have a few questions and editorial comments on the 13-Feb-03 Part 1 XKMS draft.

Question
[95] How does the RequestSignatureValue element cryptographically link the request to the response? Isn't
it just a value in the request that is returned in the response (cryptographically linked to the request, but
not to the response?) Perhaps a sentence suggesting that the response be signed to make the cryptographic
linkage to the response?

e.g. add to [95], "When the <RequestSignatureValue> element is used, the response SHOULD be signed, creating a 
cryptographic linkage of the response to the request."

[101] It should be ResultAbstractType in the text to match the schema.

[159],[163] Why is SOAP role used for XKMS application? Shouldn't this be the XKMS service URI for XKMS
and the xkms:Locate/Validate QNames for the XKMS/profile?

[190] presumably using UseKeyWith for policy will imply a different application URI/Identifier than those listed.

[448] in the compliance table, is "no security" recommended for operations other
than locate (e.g. registration, validation) since XKMS itself provides adequate security, and confidentiality is optional?

Editorial comments

[76] multiple QName usage implies multiple elements:

The ResponseMechanism element allows QName identifiers to be passed in the request, as does the
RespondWith element. Presumably if more than one is to be passed then the element must be repeated, e.g.

<RespondWith>xkms:KeyName</RespondWith>
<RespondWith>xkms:KeyValue</RespondWith>

This is suggested by the schemas, since the type QName corresponds to a single value. Perhaps an
example request should be added for RespondWith.

[21] section 1.3, elementFormDefault runs off page when printed, newline before it?

[53] last sentence, add at end: "for that inner request."

[61] s/derrived/derived/

[62] MessageExtension schema element goes off page at maxOccurs

[76] replace .. with .

[82] for Identifier s/specified/specifies/  s/is make/is to be made/

[96] s/element element/element/

[103] Sentence incomplete, probably should say "is used to obtain the status of a pending request."

[106] schema is missing

[118] examples run off printed page right-hand margin

[141], [143] table entries off page

[144] s;key binding being;key binding identifier being;

[150] typos  jpointly sereraly

[190] s/usekeywith/UseKeyWith/

[214] replace .. with .

[264] A sequence of <KeyBinding> key bindings...

[318] s/regisration/registration/

[325] s/do not/does not/

[387] s/Cann/Can/


regards, Frederick
 
Frederick Hirsch
Nokia Mobile Phones

Received on Wednesday, 19 February 2003 15:17:23 UTC
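
An added illustration of the question raised under [95], not part of the original message or of the XKMS draft: a client that only compares the echoed request signature value still accepts a response whose body changed in transit, while a signed response ties the result to that request. HMAC over JSON stands in for XML Signature here, and the keys, field layout and function names are assumptions made for this sketch.

```python
import copy
import hashlib
import hmac
import json

# Constructed keys. HMAC stands in for the XML Signature on each message;
# a real client would verify the service's signature with its public key.
CLIENT_KEY = b"constructed-client-key"
SERVICE_KEY = b"constructed-service-key"

def sign(key, body):
    """MAC over a canonical encoding of the message body."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_request(query):
    body = {"Id": "req-1", "Query": query}
    return {"body": body, "SignatureValue": sign(CLIENT_KEY, body)}

def make_response(request, result, signed):
    # The service copies the request's signature value into its response.
    body = {"RequestSignatureValue": request["SignatureValue"], "Result": result}
    response = {"body": body}
    if signed:
        response["SignatureValue"] = sign(SERVICE_KEY, body)
    return response

def echo_matches(request, response):
    """Check only that the echoed value equals the request's signature."""
    echoed = response["body"]["RequestSignatureValue"]
    return hmac.compare_digest(echoed, request["SignatureValue"])

def accept_signed(request, response):
    """Require a valid response signature, then the echo check."""
    sig = response.get("SignatureValue", "")
    if not hmac.compare_digest(sig, sign(SERVICE_KEY, response["body"])):
        return False
    return echo_matches(request, response)

def altered(response, result):
    """Constructed in-transit change to the response body."""
    changed = copy.deepcopy(response)
    changed["body"]["Result"] = result
    return changed

if __name__ == "__main__":
    req = make_request("key for alice@example.test")
    plain = altered(make_response(req, "Valid", signed=False), "Invalid")
    signed = altered(make_response(req, "Valid", signed=True), "Invalid")
    print(echo_matches(req, plain), accept_signed(req, signed))
```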