I am ok with this addition. I would also suggest that we add a "Requirement" to the requirements doc http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html - say, 3.3.2.4 (as this could be classified as Interop requirement) ------------xxx--------- 3.3.2.4 Add X509AKI element to support X.509v3 Authority Key Identifier Extension To Support base64 encoded plain (i.e. non-DER-encoded) value of a X509 V.3 Authority Key Identifier extension, add an element dsig11:X509AKI to dsig:X509Data Element list. Schema: <element name="X509AKI" type="base64Binary"/> ------------xxx--------- /Shivaram -- Strong Authentication, SOA, Web Services, PKI, Software Architecture, Product Strategy and Management Consultants: http://www.TrustStix.com/ ________________________________ From: Frederick Hirsch <frederick.hirsch@nokia.com> To: XMLSec WG Public List <public-xmlsec@w3.org> Cc: Frederick Hirsch <frederick.hirsch@nokia.com> Sent: Thu, January 14, 2010 11:54:47 AM Subject: proposed XML Signature 1.1 addition [not as chair] Would it be possible to add a new element to XML Signature 1.1, namely X509AKI - I view this as along the same lines as the added OCSP element. Proposal: Add dsig11:X509AKI to list in #1 in section 4.5.4 The X509Data Element The X509AKI element which contains the base64 encoded plain (i.e. non-DER-encoded) value of a X509 V.3 Authority Key Identifier extension. with schema <element name="X509AKI" type="base64Binary"/> --- I've gotten feedback that this would be helpful and would like propose we add it before Last Call. Thanks regards, Frederick Frederick Hirsch Nokia
Received on Thursday, 14 January 2010 20:18:54 UTC