W3C home > Mailing lists > Public > www-xkms@w3.org > March 2005

RE: Spec udpated

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Fri, 18 Mar 2005 20:06:20 -0800
Message-ID: <198A730C2044DE4A96749D13E167AD372500A2@MOU1WNEXMB04.vcorp.ad.vrsn.com>
To: XKMS WG <www-xkms@w3.org>
If we are going to change the schema I would like to suggest a small change
to add an extra optional attribute to UseKeyWith to allow a second
identifier to be specified.
The use for this is to allow for situations where the key to be used with a
subject changes according to the identity of the other party to the
conversation. For example in Kerberos and symmetric keyed protocols this
always occurs.
I had thought that since XKMS was limited to public key interactions that
this would not be required. However I now think that there is an important
set of use cases where it is useful to specify the counterparty. For example
in an enterprise messaging environment the set of security keys to be used
for internal communications might be different from the set of keys for
external parties.
So I would like to suggest adding a new attribute 'Counterparty' defined as
The <UseKeyWith> element contains the following attributes: 

Application     [Required] 

A URI that specifies the application protocol with which the key may be used

Identifier     [Required] 

Specifies the subject to which the key corresponds within the specified
application protocol. 
Counterparty [Object] 

May be used to specify a party with which the subject is in communication
with specified application protocol. 

  <!-- UseKeyWith -->
   <element name="UseKeyWith" type="xkms:UseKeyWithType"/>
   <complexType name="UseKeyWithType">
      <attribute name="Application" type="anyURI" use="required"/>
      <attribute name="Identifier" type="string" use="required"/>
      <attribute name="Counterparty" type="string" use="optional"/>
   <!-- /UseKeyWith -->

-----Original Message-----
From: www-xkms-request@w3.org [mailto:www-xkms-request@w3.org] On Behalf Of
Shivaram Mysore
Sent: Friday, March 18, 2005 6:36 PM
Subject: Spec udpated

I have updated the spec [1] and the corresponding Schema (Thanks to Tommy).
The following are the changes.  There needs a little bit more work on
certain items.  I would appreciate if folks take a look at this and suggest
Jose, please update the xkms.xsd file attached to the website [2]

1.	Schema update: Added ResultMinorEnum codes
ProofOfPossessionRequired, TimeInstantNotSupported and
TimeInstantOutOfRange. Rationale: Issues
<http://www.w3.org/2001/XKMS/Drafts/cr-issues/issues.html#332-tl3> 332-tl3
and  <http://www.w3.org/2001/XKMS/Drafts/cr-issues/issues.html#332-tl4>

2.	Schema Update: Added ResultMinorEnum code
OptionalElementNotSupported . Rationale:
<http://www.w3.org/2001/XKMS/Drafts/cr-issues/issues.html#333-jk> Issue

3.	Editorial:Para[70] - added "("+" indicates concatenation)" as

4.	Issue 332-tl1: Updated Section 7.1.7 para[303] to include Type and
MimeType information for EncryptedData element. Should I still include that
"XKMS responders may ignore this type attribute?" 

5.	Issue 332-tl3: Updated para [311], [315] and [122]. Added codes to
the schema 

6.	Issue 332-tl4: Updated para [213] [122] - added text to TimeInstant
element, corresponding result codes to schema 

7.	Issue 332-tl5: Added sentence "XKMS Responders do not have to
support both of these optional elements in a request message." to para [291]

8.	Issue 332-tl6: - Updated para [112a], [128a] and [132] by adding
that <RespondWith>element cannot be present in these request elements. 

9.	Issue 333-jk: Added Para [352a] 

10.	Issue 334-jk: Added Para [277a] -I believe this needs a little bit
more work 


[2] http://www.w3.org/2001/XKMS/Drafts/XKMS-PR-DRAFT/Schemas/

Secure Web Services, PKI, Software Architecture, Java, 
Product Strategy and Management Consultant:
Received on Saturday, 19 March 2005 04:06:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:43 UTC