(summarizing this issue reported by Tommy for archival purposes)

The XKRSS message defines the KeyBindingAuthentication element that lets a server authenticate the key binding element within an XKRSS request. The content of this element has a ds:Signature calculated with an HMAC using a preshared secret. The XKMS CR specification doesn't define how to identify the preshared secret.

One developer did it using ds:KeyInfo.Keyname, while another one used UseKeyWith so that a request can notify the server which shared secret it used. One implementation used ds:KeyInfo.Keyname where another one used UseKeyWith with certain values to make it work.

In order to avoid interoperability problems, it would be good if the XKMS recommended how to do this. Tommy's proposal to use ds:KeyInfo.Keyname for this makes sense to me.

-jose

Received on Thursday, 3 March 2005 16:37:44 GMT
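Added example, not part of the original message and not code from any XKMS implementation: one way a server could resolve the preshared secret from the ds:KeyName hint inside KeyBindingAuthentication and check the HMAC, failing closed on a missing, duplicated or unknown name. Assumptions: HMAC-SHA1, the secret used directly as the HMAC key, SignedInfo already canonicalized by an XML-DSig library, and hypothetical names (`SECRETS`, `client-42`, `resolve_secret`, `verify`, `build_sample`).

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) for untrusted input

NS = {"xkms": "http://www.w3.org/2002/03/xkms#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SECRETS = {"client-42": b"constructed-shared-secret"}  # constructed: KeyName -> secret

class AuthError(Exception):
    """Raised when the key hint or the HMAC does not check out."""

def resolve_secret(auth_xml, secrets=SECRETS):
    """Map the ds:KeyName hint to a preshared secret; fail closed on anything odd."""
    sig = ET.fromstring(auth_xml).find("xkms:KeyBindingAuthentication/ds:Signature", NS)
    if sig is None:
        raise AuthError("no KeyBindingAuthentication signature")
    names = sig.findall("ds:KeyInfo/ds:KeyName", NS)
    if len(names) != 1 or not (names[0].text or "").strip():
        raise AuthError("need exactly one non-empty ds:KeyName")
    key_name = names[0].text.strip()
    if key_name not in secrets:
        raise AuthError("unknown key name")
    raw = "".join(sig.findtext("ds:SignatureValue", default="", namespaces=NS).split())
    try:
        return key_name, secrets[key_name], base64.b64decode(raw, validate=True)
    except ValueError as exc:
        raise AuthError("bad SignatureValue encoding") from exc

def verify(auth_xml, signed_info_c14n, secrets=SECRETS):
    """Check the HMAC over the already-canonicalized SignedInfo bytes."""
    key_name, secret, sig_value = resolve_secret(auth_xml, secrets)
    expected = hmac.new(secret, signed_info_c14n, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, sig_value):  # constant-time comparison
        raise AuthError("HMAC mismatch")
    return key_name

def build_sample(key_name, secret, signed_info_c14n):
    """Constructed sample: an xkms:Authentication element carrying the KeyName hint."""
    mac = base64.b64encode(hmac.new(secret, signed_info_c14n, hashlib.sha1).digest()).decode()
    return (f'<Authentication xmlns="{NS["xkms"]}" xmlns:ds="{NS["ds"]}">'
            '<KeyBindingAuthentication><ds:Signature>'
            '<!-- ds:SignedInfo omitted from this constructed sample -->'
            f'<ds:SignatureValue>{mac}</ds:SignatureValue>'
            f'<ds:KeyInfo><ds:KeyName>{key_name}</ds:KeyName></ds:KeyInfo>'
            '</ds:Signature></KeyBindingAuthentication></Authentication>')

if __name__ == "__main__":
    signed = b"<constructed canonical SignedInfo bytes>"
    print(verify(build_sample("client-42", SECRETS["client-42"], signed), signed))
```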