
Re: Action item

From: Berin Lautenbach <berin@wingsofhermes.org>
Date: Wed, 13 Oct 2004 07:29:19 +1000
Message-ID: <416C4CAF.9080007@wingsofhermes.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Tommy Lindberg <tommy.lindberg@gmail.com>, Yunhao Zhang <yzhang@sqldata.com>, www-xkms@w3.org

Stephen Farrell wrote:

> Secondary question to server implementers: if the request had
> contained a KeyValue you'd never heard of, but is otherwise
> the same, would you return bob's key? (I realise that the
> spec is properly silent on this "policy" issue, but just
> wondered.)

At the moment, for a LocateRequest, the server goes through and creates 
the union of all possible key matches and returns them.

For a ValidateRequest I validate any actual key information against 
"hints".  So if the key name is "berin" but the KeyValue isn't something 
I know, the request should fail.

Also, for ValidateRequest *everything* must match up to *one* key.  Or 
at least that's the theory - I'd be hesitant to say the server is 
currently that exact :>.

Cheers,
	Berin

> Stephen.
> 
> Tommy Lindberg wrote:
> 
>> That's it, Yunhao.
>>
>> Tommy
>>
>>
>> On Tue, 12 Oct 2004 08:24:42 -0400, Yunhao Zhang <yzhang@sqldata.com> wrote:
>>
>>> Hi Tommy,
>>>
>>> Thanks for the insider information. I am still getting a failure without
>>> the KeyName. The request message is something like,
>>>
>>> <SOAP-ENV:Envelope
>>>     xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>>     xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>   <SOAP-ENV:Body>
>>>     <xkms:LocateRequest xmlns:xkms="http://www.w3.org/2002/03/xkms#"
>>>         Id="_ce8734ab-cf09-40f0-813e-aea6aa889015"
>>>         Service="http://62.77.172.83:4080/xkiss/soap11">
>>>       <xkms:RespondWith>xkms:KeyName</xkms:RespondWith>
>>>       <xkms:RespondWith>xkms:KeyValue</xkms:RespondWith>
>>>       <xkms:RespondWith>xkms:X509Cert</xkms:RespondWith>
>>>       <xkms:QueryKeyBinding xmlns:xkms="http://www.w3.org/2002/03/xkms#"
>>>           Id="_dd53968f-b75d-4984-bf64-857d4bc23134">
>>>         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#" />
>>>         <xkms:KeyUsage>xkms:Signature</xkms:KeyUsage>
>>>         <xkms:KeyUsage>xkms:Encryption</xkms:KeyUsage>
>>>         <xkms:KeyUsage>xkms:Exchange</xkms:KeyUsage>
>>>         <xkms:UseKeyWith Application="urn:ietf:rfc:2633"
>>>             Identifier="bob@example.com" />
>>>         <xkms:TimeInstant Time="2004-10-12T12:50:09Z" />
>>>       </xkms:QueryKeyBinding>
>>>     </xkms:LocateRequest>
>>>   </SOAP-ENV:Body>
>>> </SOAP-ENV:Envelope>
>>>
>>> I suspect the empty KeyInfo caused the problem, is it true?
>>>
>>> Thanks,
>>>
>>> Yunhao
>>>
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Tommy Lindberg" <tommy.lindberg@gmail.com>
>>> To: "Yunhao Zhang" <yzhang@sqldata.com>
>>> Cc: <www-xkms@w3.org>
>>> Sent: Tuesday, October 12, 2004 5:16 AM
>>> Subject: Re: Action item
>>>
>>>
>>>> Hi Yunhao -
>>>>
>>>>
>>>>> Yes. I can reconfirm your claim,
>>>>
>>>>
>>>> Glad to hear that, thanks.
>>>>
>>>>
>>>>> I got a failure ...
>>>>
>>>>
>>>> I checked out your request; if I am not mistaken, you specify a sequence of
>>>> <KeyInfo><KeyName>Bob</KeyName></KeyInfo>. You don't need to do that.
>>>> The Locate operation will work just fine with UseKeyWith alone.
>>>>
>>>> Regards
>>>> Tommy
>>>>
>>>>
>>>> On Mon, 11 Oct 2004 19:43:57 -0400, Yunhao Zhang <yzhang@sqldata.com> wrote:
>>>
>>>>>> A quick note to confirm that I have implemented the asynchronous
>>>>>> behaviour required by test case T7 as outlined in the original e-mail
>>>>>> below.
>>>>>>
>>>>>
>>>>> Yes. I can reconfirm your claim, although I got a failure for the final
>>>>> results, which was caused by my tool for not providing a correct KeyName in
>>>>> the request message. BTW, I wonder if we should define the KeyName to be
>>>>> used in all the test cases if it is required. So far, each implementation
>>>>> requires a different KeyName, and it is hard to automate the tests.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Yunhao
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
> 
> 
> 
Received on Tuesday, 12 October 2004 21:29:37 GMT
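
The two matching policies described in the reply at the top of this message (Locate returns the union of all matches; Validate requires every supplied item to match one key), modelled as an added example that is not code from this thread or from any implementation discussed in it. The key store, the field names and the string stand-ins for key material are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class KeyBinding:
    key_name: str
    key_value: str  # stand-in for real public key material (assumption)
    use_key_with: frozenset = field(default_factory=frozenset)  # (Application, Identifier)

BOB_SMIME = ("urn:ietf:rfc:2633", "bob@example.com")

# Constructed sample key store.
STORE = [
    KeyBinding("bob", "PUBKEY-BOB", frozenset({BOB_SMIME})),
    KeyBinding("berin", "PUBKEY-BERIN",
               frozenset({("urn:ietf:rfc:2633", "berin@example.com")})),
]

def _criteria(key_name=None, key_value=None, use_key_with=()):
    """One predicate per item actually present in the query."""
    tests = []
    if key_name is not None:
        tests.append(lambda b: b.key_name == key_name)
    if key_value is not None:
        tests.append(lambda b: b.key_value == key_value)
    for ukw in use_key_with:
        tests.append(lambda b, ukw=ukw: ukw in b.use_key_with)
    return tests

def locate(store, **query):
    """Locate policy: union of every binding matched by any supplied item."""
    tests = _criteria(**query)
    return [b for b in store if any(t(b) for t in tests)]

def validate(store, **query):
    """Validate policy: all supplied items must match exactly one binding."""
    tests = _criteria(**query)
    hits = [b for b in store if tests and all(t(b) for t in tests)]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    # Unknown KeyValue plus a UseKeyWith for bob: Locate still returns bob,
    # Validate fails because the KeyValue matches nothing.
    q = dict(key_value="PUBKEY-UNKNOWN", use_key_with=[BOB_SMIME])
    print([b.key_name for b in locate(STORE, **q)])  # ['bob']
    print(validate(STORE, **q))                      # None
```

Under the Validate policy an unrecognised KeyValue can never be vouched for through a matching KeyName or UseKeyWith alone, which is the failure case the reply describes.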
