
XKISS Service Announcement

From: tommy lindberg <lindberg_tommy@hotmail.com>
Date: Sat, 12 Jun 2004 12:10:08 +0000
To: www-xkms@w3.org
Message-ID: <BAY12-F64wnmlArqqYa00045a33@hotmail.com>

As part of my XKMS implementation effort I am announcing the availability
of three XKISS service endpoints located at:

    SOAP 1.2 binding
    SOAP 1.1 binding
    XKISS messages directly over HTTP

The following applies to all three endpoints:

- Aware of keys and certificates submitted as part of my sample
  messages; these should be used as the basis for the queries and

- Both unsigned and signed messages are accepted. Failure to verify and
  validate a signature yields a result containing Sender.NoAuthentication.

- All results are signed using the RSA XKMS responder key.

- Synchronous, Two-phase and Asynchronous exchanges are supported; the
  two-phase exchange takes precedence when both two-phase and
  asynchronous exchanges are indicated.

- The notification phase of the asynchronous exchange is currently manual
  and the delay is therefore significant.

- Responds to LocateRequest, ValidateRequest, StatusRequest and 

- Respects requests for OpaqueClientData and RequestSignatureValue by
  copying these quantities from the request into the result.

- Supports KeyInfo elements KeyName, KeyValue, X509Data.X509Certificate
  in QueryKeyBinding

- The following Application/Identifier combinations are meaningful for use
  with UseKeyWith:
    urn:ietf:rfc:2633   deirdre@deirdrecorp.ie
    urn:ietf:rfc:2633   alice@alicecorp.ie
    urn:ietf:rfc:2633   bob@bobcorp.ie
    urn:ietf:rfc:2633   carol@carolcorp.ie
    urn:ietf:rfc:2633   harry@harrycorp.ie

- In order for a KeyInfo.KeyName to match a key/cert in a query, the 
  of the name components in the distinguished name is currently important.
  As the list is short I include the KeyName's that result in a match, 

    CN=deirdre@deirdrecorp.ie,O=Deirdre Corp,L=Dundrum,ST=Dublin,C=IE
    CN=alice@alicecorp.ie,O=Alice Corp Ltd,L=Howth,ST=Dublin,C=IE
    CN=bob@bobcorp.ie,O=Bob Corp Ltd,L=Malahide,ST=Dublin,C=IE
    CN=carol@carolcorp.ie,O=Carol Corp Ltd,L=Dundrum,ST=Dublin,C=IE
    CN=harry@harrycorp.ie,O=Harry Corp Ltd,L=Blackrock,ST=Dublin,C=IE

    In JDK 1.4, X509Certificate.getSubjectX500Principal().getName() produces
    the desired DN.

- Unlike the samples I submitted, the result messages produced by these 
  are not formatted with easy reading in mind.

This is a first increment of work in progress and should be used with
compatible expectations.

Looking forward to getting feedback.



Received on Saturday, 12 June 2004 08:10:40 UTC
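
Added example, not part of the original message or the author's implementation: a client-side check that puts a distinguished name into the RFC 2253 string form (the form the message says getSubjectX500Principal().getName() produces) before using it as a KeyName, since the service's match depends on component order. The class and method names are hypothetical, the sample inputs in main are constructed, and it assumes a DN may reach the client written least-specific-first.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class KeyNameCheck {
    // KeyName values copied from the list in the message above.
    static final Set<String> MATCHING = new HashSet<>(Arrays.asList(
        "CN=deirdre@deirdrecorp.ie,O=Deirdre Corp,L=Dundrum,ST=Dublin,C=IE",
        "CN=alice@alicecorp.ie,O=Alice Corp Ltd,L=Howth,ST=Dublin,C=IE",
        "CN=bob@bobcorp.ie,O=Bob Corp Ltd,L=Malahide,ST=Dublin,C=IE",
        "CN=carol@carolcorp.ie,O=Carol Corp Ltd,L=Dundrum,ST=Dublin,C=IE",
        "CN=harry@harrycorp.ie,O=Harry Corp Ltd,L=Blackrock,ST=Dublin,C=IE"));

    // Same string form as X509Certificate.getSubjectX500Principal().getName():
    // RFC 2253, most specific RDN first, no spaces after the commas.
    static String rfc2253(String dn) {
        return new X500Principal(dn).getName(X500Principal.RFC2253);
    }

    // Reverse the RDN sequence of a DN that was written least-specific-first.
    static String reversed(String dn) throws InvalidNameException {
        List<Rdn> rdns = new ArrayList<>(new LdapName(dn).getRdns());
        Collections.reverse(rdns);
        return rfc2253(new LdapName(rdns).toString());
    }

    // Returns the KeyName to send, or null if neither ordering is in the list.
    static String toKeyName(String dn) throws InvalidNameException {
        String asGiven = rfc2253(dn);
        if (MATCHING.contains(asGiven)) return asGiven;
        String flipped = reversed(dn);
        return MATCHING.contains(flipped) ? flipped : null;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] samples = {  // constructed inputs
            "CN=alice@alicecorp.ie, O=Alice Corp Ltd, L=Howth, ST=Dublin, C=IE",
            "C=IE, ST=Dublin, L=Malahide, O=Bob Corp Ltd, CN=bob@bobcorp.ie",
            "CN=mallory@example.org, O=Example, C=IE"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + toKeyName(s));
        }
    }
}
```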

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:42 UTC