ISSUE-49 (DerivedKeyType): No support for derived keys in XML Dsig, XML Enc [Rqmts (XML Signature and Canonicalization V Next Requirements)]

ISSUE-49 (DerivedKeyType): No support for derived keys in XML Dsig, XML Enc [Rqmts (XML Signature and Canonicalization V Next Requirements)]

http://www.w3.org/2008/xmlsec/track/issues/49

Raised by: Magnus Nyström
On product: Rqmts (XML Signature and Canonicalization V Next Requirements)

Neither XML DSig or XML Enc supports the concept of derived keys.

There are several cases when this lack of support is an issue. For
example, when encryption or message authentication is based on
passwords. Another example is when a master key is all that is shared
between communicating parties and avoidance of using this master key
for direct protection is desired.

A separate email will provide an analysis of the use of derived keys in some existing WS * specifications, and compare the functionality in those specification with an alternative, based on a set of requirements.

Received on Thursday, 28 August 2008 14:52:18 UTC